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1 Introduction 


This research aims at extending von Plato’s 2009/16 work by offering a (possi- 
bly comprehensive) account of Aristotle’s deductive logic.” The method, which 
led von Plato to a transparent reconstruction of assertoric syllogistic and to the 
remarkable normal form theorem, is here applied to purely and mixed apodic- 
tic logic. Following it, the original source is directly analyzed, without adding 
anything to it. Indeed, although the success of syllogistic was such that many 
of its original features were changed throughout its evolution, in An.Pr. I, 
Aristotle had explicitly defined his logic and systematically introduced a com- 
pletion proof for each imperfect mood. Our study simply consists in treating 
syllogistic as a ND system and derivability proofs as tree-form derivations, with 
great benefits both for text exegesis and for proof comprehension. Thanks to 
this ‘translation’ of the source into tree form, not only plain assertoric, but 
also controversial modal derivability proofs become perfectly intelligible. This 
proof-theoretical approach (coherent with Analytica’s original goal) allows us 
to define a clear and suited-to-study rule system and to show that all Aristotle’s 
proofs are correct. Indeed, when considered as a deductive system, apodictic 
syllogistic does not appear as a “realm of darkness” [12, p. 1] anymore. 


2 The assertoric system SYL 


Before presenting his syllogistic, Aristotle introduces the language (An.Pr. 
24a16-20). Assertoric (atomic) propositions express the belonging of a term, 
the predicate, to another term, the subject. They are characterized by quality, 
affirmative or negative, and quantity, universal or particular: ? 


i (S,P)..| Te (S,P)..| 2" (S3P). | 21S,P) 


1 | wish to thank G. Corsi, E. Orlandelli and J. von Plato for guiding me in the present 
study and supporting it through the ERC Advanced Grant GODELIANA, led by him. 

2 The idea of extending [16] to modal syllogistic was suggested to me by Jan von Plato. 

3 We have used the compact and suggestive notation of [16]. Capital letters denote terms, 
II and & indicate the predication quantity, the index the quality. In natural language: 


Every Sis P| NoS is P| Some S is P | Some S is not P 


4 The proof theory of apodictic syllogistic 


For Aristotle, a syllogism is a two-premisses, valid inference defined by its pair 
of productive premisses.+ Syllogisms are divided into three figures, based on 
the relation between the middle term and the extremes, and may be either 
perfect/complete or imperfect /incomplete (24b23-7).° The core of An.Pr. I 
concerns the ‘reduction’ of all imperfect moods to the perfect ones. By sys- 
tematically inspecting possible premisses combination in each figure, Aristotle 
proves that either a given conclusion follows from them or that no one can. In 
the latter case, the premisses are said not to “syllogize” (and a counter-example 
is offered). 

Following a tradition starting in the 1970s, we will treat assertoric syllogistic 
as a ND system.© The innovative tree-form treatment comes from [16], by 
which our system is inspired. SYL is obtained by simply ‘translating’ the 


rules, linearly presented in the original source, into tree form: 
Sris.py E(S.P)- I (S,P 1" (S,P 
2s: Bey eA ge eer a WL OE ai 
IT (S,P) II (S,P) =*(S,P) » (S,P) 

+ Ir(S,P I+ (S,P 
=+(S,P) as Z| ) hee (S,P) nee 
=+(P,S) IT (P,S) »+(P,S) 
WBA) (CB) 1(BA) WCB) | 

ELARENT 
TI (GA) BARBARA Ir (C,A) 
II* (B,A) =+(C,B) zs Il (B,A) =+(C,B) : 
ARII ERIO 
=+(C,A) x (C,A) ‘i 
[P-]}" 
P a 
eT i | 
1 _— RAA, 1 


In An.Pr. 1-6, Aristotle proves the derivability in SYL of four second-figure 
syllogisms and of six third-figure ones. ® 


4 As is well known, the meaning of the word “syllogism” is ambiguous, referring both to valid 
inferences in general (so, including three-premisses, relational, or hypothetical syllogisms) and 
to the specific An.Pr. system, on which we will focus here. See at least [2, pp. 23ff.] and 
(14, pp. 30ff.]. Furthermore, a stricto sensu syllogism is defined by its pair of productive 
premisses, and not by its premisses plus its conclusion, see [11]. 

5 For Aristotle, first-figure syllogisms are perfect, second- and third-figure ones are not. 

® In 1973, Corcoran, in [3], and Smiley, in [13], (independently) present a reconstruction 
of assertoric syllogistic in ND form, inspiring other subsequent proposals, as [14], [7], and 
[15]. The first tree-form reconstructions appear in [16] and [4] (actually, an early tree-form 
perfection proof for CAMESTRES can be found in [5, p. 76]). 

7 y+/--IIt/~ 1 are presented in De Int. 17a33-b19 (they are actually eight but only the 
given four are used in perfection proofs), II~C in An.Pr. 25a6-7, I+ C in 25a7-8, U+C 
in 25a9-10, first-figure moods in An.Pr. b37-40, 26a1-2, 26a23-5, 26a25-6, LI in Metaph. 
1005b19-20, 1005b25-20, 1011b13-4, RAA in An.Pr. 41a23-32. 

8 Respectively, CESARE (27a5-8), FESTINO (27a32-7), BAROCO (27a37-b2), CAMESTRES 
(27b2-4), and DARAPTI (28a22-6), FELAPTON (28a26-30), DISAMIS (28b8-11), DATISI (28b11- 
3), BOCARDO (28b17-20), FERISON (28b31-6). For space reasons, we had to omit their re- 
constructed derivability proofs, which can be found in [1] or [16]. The reconstruction shows 
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3 The apodictic systems AP; and AP 


Aristotle’s modal syllogistic is universally considered as controversial and a 
variety of attempts for a consistent interpretation have appeared in the lit- 
erature.’ However, most of them focus on semantics, whereas we aim at 
reconstructing deductive systems and proofs as they are effectively presented 
in the source, without (at this stage) suggesting an interpretation. As for the 
assertoric fragment in [16], the apodictic system is directly obtained from the 
original text and perfecting proofs are straightforwardly reconstructed. This 
transparently shows them to be well-constructed, as Aristotle always applies 
his rules coherently. 

Syllogistic propositions are characterized not only by quality and quan- 
tity, but also by modality: assertoric, necessary and possible (25a1-2). The 
apodictic language is obtained by endowing the assertoric one with apodictic 
predication: S is necessarily P. 1° 


IIt[S, P] | W[S, P] | UTS, P] | = [S, P] 


Aristotle takes into account all the five possible combinations of modal and 
assertoric premisses. We will here analyze the purely- and mixed-apodictic 
fragments only. The treatment of purely apodictic logic is extremely concise. 
Apodictic conversions (25a26-36) and perfect syllogisms (29b35-30a3) are de- 
fined analogously to the assertoric ones. Purely-apodictic AP, is as follows: 


a = a BAjRBlalRla Tae 7S Clejulalate}r 

— ca D[ajRi) [x nea en 

ae aa B[a]r[o]c[o] tee B[o]c[A]rp[0] 
Differently from SYL, in AP, B[A]R[o]c[o] and B[o]c[A]rp[o] are primi- 


that Aristotle actually introduces two distinct, but equivalent (29b6-15), systems. The more 
economical one does not include ©+C, DAR and FERIO. Furthermore, no fourth figure exists 
and the 14 valid syllogisms do not include the, subsequently introduced, subaltern ones, as 
their premisses do not differ from those of the corresponding superaltern moods. 


9 It is communis opinio that Aristotle’s modal syllogistic raises several problems. Neverthe- 
less, many scholars have introduced formal model(s) offering reconstructions, usually partial 
(one exception is [6]). The literature on the topic is vast — for an updated status quaes- 
tionis, see [12, pp. 32-37] — but most of the works are focussed on giving a semantics for 
modal syllogistic (sometimes departing from text evidence). We avoid this and only present 
Aristotle’s words in a today more ‘digestible’ form. To the best of our knowledge, there is 
no work presenting Aristotle’s modal syllogistic as a ND-system and its completion proofs 
as tree-form derivations. The most resembling study seems to be McCall’s axiomatization 
(likewise showing Aristotle’s consistent use of his inference rules, [8, p. 95]). 


10 Modalities are not logical operators but part of the structure of the atomic formulas to 
which the four quantifiers are applied. 


6 The proof theory of apodictic syllogistic 


tive.‘' AP, derivability proofs are obtained as the corresponding assertoric 


(ostensive) ones. !* There are four second- and six third-figure moods. 
Mixed-apodictic syllogisms are such that one premiss is assertoric, the other 

apodictic and from them something apodictic is concluded. AP is obtained by 

adding to the rules of SYL and AP; first-figure mixed syllogisms (30a18-b2): 


+ + = + 
a STEN tore B[A]RBAR[A] Z Soe (SE) C[E]LAR[E|NT 
II” [B,A] u*(C,B) IT [B,A] =*(C,B) 
SFIGAl nee SGA ise 


Aristotle shows that there are nine imperfect mixed-apodictic syllogisms: three 
in the second figure and six in the third. Second-figure moods are C[E]SAR[E] 
(30b6-14), CAM[E]STR[E]S (30b14-9) and F[E]STIN[O] (31a1-11), which are 
(respectively) shown derivable as follows: '% 


TI+(C,A) 


C[E]LAR[E]NT 
TICB [E]LAR[E] 
For first let the privative be necessary and let it not be possible for A to belong to any B, 
but let A merely belong to C. Then, since the privative converts, neither is it possible for 
B to belong to any A. But A belongs to every C; consequently, it is not possible for B to 
belong to any C, for C is below A. [An.Pr. 30b6-14] 


ICA] TBA) 1 

IT [A,C] Ic II* (B,A) IT [A,B] o =*(C,A) 
— C[E]LAR[E]NT = F[E]R1[0] 
TBC TG [CB] 
IT [C,B] 


There is no mixed syllogism corresponding to BAROCO (31lal1-16). Third- 
figure D[A]JRAPT[I] (31a24-31), DAR[A]PT[I] (31a31-5), F[E]LAPT[O]N (31a35- 
8), D[A]TIs[1] (31b12-7), Dis[A]m[I]s (81b17-20) and F/E]RIS[O]N (31b33-6) 
are shown derivable respectively as: 


I+ (C,B) ay TI+(C,A) ae 
TIt[C,A] i+ (B,C) II*[C,B] »+(A,C) 
+ D/A] Ray] - D[A]R1{I] 
>+[B,A] =T|A,B) _, 
rear 
H(CBY. ie u(C,A) ate 
II [C,A] + (B,C) ea It [C,B] bt (A,C) 
= F[E]R1[0] D[A]Rq[I] 
Y [B,A] =* [A,B] 


1l Actually, the term variables of B[a]R[ ] and B[o]c[A]Rp[o] are respectively that of 
second- (N-M-X) and third-figure moods (S-P-R). 

12 For the derivations, see [1, pp. 83-88]. 

13 For space reasons, we compare our reconstruction with An.Pr. text for C[E]SAR[E]’s proof 
only, but for each derivation the corresponding source reference is quoted to make easily 
possible to check that these (correct) derivability proofs are genuinely Aristotelian. 


oO; 
Q 
° 
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StGA) | =t(C,B ood 
IicB) =t(a,c) ~ © Ir[c,A) =*(B,C) 
D{a]ri[] — F[E]R1[0] 
=*[A,B] x [B,A] 
eae ae 
St [BA] 


To conclude, Aristotle proves the derivability in AP of 14 assertoric, 14 
purely-apodictic, and 13 mixed-apodictic moods and each of his perfection 
proofs is correct. In the future, we aim at extending this analysis to the whole 
Aristotelian syllogistic and at presenting a unique and suited-to-study system 
for all modalities. Furthermore, this proof system(s) may both be used as a 
tool to help reconstruct Aristotle’s semantics and be developed, independently 
from its historical origin, in the context of Natural Logic. !4 
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Abstract 


A recent line of research has developed around logics of belief based on evidence [1,4]. 
One approach is based on [4] and understands belief as based on information con- 
firmed by a reliable source. We present the work introduced in [3] where we propose a 
finer analysis how belief can be based on information, where the confirmation comes 
from multiple possibly conflicting sources and is of a probabilistic nature. We use 
Belnap-Dunn logic and non-standard probabilities, to account for potentially contra- 
dictory information on which belief is grounded. We combine it with an extension of 
Lukasiewicz logic, or a bilattice logic, within a two-layer modal logical framework to 
account for belief. 


Keywords: epistemic logics, non-standard probabilities, Belnap-Dunn logic, 
two-layer modal logic. 


There are several proposals of logical frameworks in the literature allowing 
for non-trivial inconsistencies. Belnap-Dunn logic BD [2], also referred as First 
Degree Entailment was specically designed to deal with possibly incomplete 
and inconsistent information. One of the underlying ideas of this logic is that 
not only amount of truth, but also amount of information that each of the 
values carries matters. This idea was generalized by introducing the notion of 
bilattices [11,9], which are algebraic structures that contain two partial orders 
simultaneously: a truth order, and a knowledge (or an information) order. 

Belnap-Dunn four-valued logic BD, in the propositional language built using 
connectives {A,V,—}, evaluates formulas to Belnap-Dunn square — the (de 
Morgan) lattice 4 built over an extended set of truth values {t, f,b,n} (Figure 
1, middle). Following Dunn’s approach [7], we adopt a double valuation model 
M = (W,I-FT,IF-), giving the positive and negative support of formulas in 
the states, which can be seen as locally evaluating formulas in the product 
bilattice 2 © 2 (Figure 1 left), and thus in 4 (Figure 1, middle). BD logic has a 
simple axiomatization which is known to be (strongly) complete w.r.t. double 
valuation frame semantics. BD is also known to be locally finite. ? 


1 The research of Marta Bilkov4 was supported by the grant GA17-04630S of the Czech 
Science Foundation. The research of Sabine Frittella and Sajad Nazari was funded by the 
grant ANR JCJC 2019, project PRELAP (ANR-19-CE48-0006). The research of Ondrej 
Majer was supported by the grant GA16-15621S. 

2 It means there are only finitely many (up to inter-derivability) formulas in a fixed finite 
set of propositional variables. It affects the completeness of the logic in Example 0.1. 


2 Belief based on inconsistent information 


(1,0) 
(1,0) 
Hi a \ (0,0) i (1, 1) 
(0,0) (1, 1) n b , 
NI ele 
(0,1) f Ge 


Fig. 1. The product bilattice 2©2 (left), which is isomorphic to Dunn-Belnap square 4 
(middle), and its continuous probabilistic extension (right). Negation flips the values 
along the horizontal line. 


The idea of independence of positive and negative information naturally ge- 
neralizes to probabilistic extensions of BD logic. A probabilistic Belnap-Dunn 
(BD) model [10] is a double valuation BD model extended with a classical 
probability measure on the power set of states P(W) generated by a mass 
function on the set of states W.? The non-standard (positive and negative) 
probabilities of a formula are defined as (classical) measures of its positive 
and negative extensions: pT(~) := D7..+, m(s), PD (~) = Ven-y MS). 
Non-standard probabilities satisfy 0 < p(y) < 1, are monotone (resp. p™ (vy) is 
antitone) w.r.t. Fep, and p(pAw)+p(yVwv) = p(y)+p(%) [10, Lemma 1]. These 
axioms are weaker than classical Kolmogorovian ones and p* (>y) 4 1— pt (vy) 
in general which allows for a non-trivial treatment of inconsistent information. 
We can diagrammatically represent non-standard probabilities on a continuous 
extension of Belnap-Dunn square (Figure 1, right), which we can see as a pro- 
duct bilattice Ljo1j © Ljo,1;. For example, the point (0,0) corresponds to no 
information being available, while (1,1) is the point of maximally conflicting 
information. The vertical dashed line corresponds to the “classical” case when 
positive and negative support sum up to 1. 

We look at an agent who considers a set of issues represented by atomic 
variables, has access to sources providing information based on non-standard 
probabilities and builds beliefs based on these sources using some aggregation 
strategy. In many scenarios we can adapt aggregation strategies that have 
been introduced on classical probabilities: imagine for example a company 
that has access to a huge amount of heterogeneous data from various sources 
and uses software capable of analyzing these data. In this case it makes sense 
to consider aggregation methods that require some computational power. A 
natural strategy here is to evaluate sources with respect to their reliability and 
aggregate them by taking their weighted average. Another kind of agent is an 
investigator of a criminal case who builds her opinion on the guilt of a suspect 
based on different pieces of evidence. We first assume that all the sources are 
equally reliable and the investigator is very cautious and does not want to 
draw conclusions hastily. Hence, she relies on statements as little as all her 


3 The probability of a set X C W is defined as the sum of masses of its elements. 
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sources agree on them. The aggregation she uses returns the minimum of the 
positive and the minimum of the negative probabilities provided by the sources 
(min-min). If on the other hand the investigator considers all the sources being 
perfectly reliable, she accepts every piece of evidence and builds her belief using 
the max-max aggregation. 

To make a clear distinction between the level of information on which the 
agent bases her beliefs, and the level of reasoning about her beliefs, we use 
a two-layer logical framework. The formalism originated with Hajek [8], and 
was further developed in [5] into an abstract framework with a general theory 
of syntax, semantics and completeness. Syntax (L-,£u,M) of a two layer 
logic £ consists of a lower language £., an upper language £,,, and a set of 
modalities M which, applied to a non-modal formula of £., form a modal 
atomic formula of £,,. Semantics of a two layer logic £ is based on frames of 
the form F = (W, E,U, (u°)oem), where E is a local algebra of evaluation of 
£,. in the states, U is an upper-level algebra, and for each modality its semantics 
is given by the map p : Il.<w £ 7 U*. The resulting logic as an axiomatic 
system LC = (L-,M,L,,) consists of an axiomatics of L., modal axioms and 
rules M, and an axiomatics of L,,. 


Example 0.1 [Logic of probabilistic belief] In some scenarios it is reaso- 
nable to represent agents (partial) beliefs as non-standard probabilities. In 
this two-layer logic, the bottom layer is that of events or facts, represented by 
BD-information states. A source provides probabilistic information given as a 
mass function on the states. The modality is that of non-standard probabilistic 
belief, the top layer — the logic of thus formed beliefs — is based on the following 
extension of Lukasiewicz logic L [6]. 

We consider the product of the standard algebra of Lukasiewicz logic 
[0,1Jn = ((0,1],A,V,&z,—-2) with [0,1]7? = ([0,1]9?,V,A,@z, On), which 
arises turning the standard algebra upside down: it is an MV algebra 
(0, 1Jn x [0,1]? = (0, 1] x [0, 1]??,A,V,&,—), where (1,0) is the designated 
value. Its logic is Lukasiewicz logic L. We extend the signature of the algebra 
with the bilattice negation —(a,,a2) = (a2,a,), and extend the language to 
{>,~,7}. We obtain the following axioms and rules, denoting the resulting 
consequence relation Fy 4): 


a> (Ba) ana ea 
(— B) > (8 9) (@ +9) INL <> 0, 
((a + B) > B) > ((B > a) > a) (wna: + 8) 4 ~o(a > 8) 
(~B + ~a) + (a+ B) ma B/B alana 


We can provide a reduction of Fy.) to provability in L and show that the 
extension of L by - is conservative. Using finite completeness of L, we can 
prove that L(-) is finitely strongly complete w.r.t. [0, 1], x (0, 1]7”. 


4 For this paper, we always consider the lower algebras be all the same. But different algebras 
can be later used when modelling heterogeneous information. We write algebras, but often 
we use matrices, i.e. algebras with a set of designated values. 


4 Belief based on inconsistent information 


The two-layer syntax consists of £. = {A, V, 7} language of BD, M = {B} 
a belief modality, and L, = {-,~,7} language of L(-). The intended 
frames are F = (W,4, [0,1] x [0,1]7?, w?),° where u? is computed as fol- 
lows. A source is given by a mass function on the states m : W — [0,1]. 
Given e € [J ,cw 4, uw? computes the following sums of weights over states: 
P(e) = (de ert,b} MY), Ve ergo} M@(v))- Thus, for a non-modal formula 
y € Le, applying u? to the tuple of its values in the states, we obtain the 
value of By in [0, 1p x [0, 1]7? as a pair of its non-standard positive and nega- 
tive probabilities (>, .+,,m(v), 2 yn-, ™(v)) = (Pt (¢),P (~))-® 

The modal part M consists of axioms and a rule reflecting the axioms of 
non-standard probabilities: 


Bev yd) 3 (BeO BlyAYy))@By Bog By 

Yp Kep w/ PEG) Boy =F. By 
The resulting logic is (BD, M,L(-)). As BD is locally finite and strongly com- 
plete w.r.t. 4, and L(-) is finitely strongly complete w.r.t. [0, lJ, x [0, 1]??, we 
can by [5, Theorems 1 and 2] conclude that (BD, M,L(-)) is finitely strongly 
complete w.r.t. 4 based, [0,1]: x [0,1]??-measured frames validating M. In 
such frames, 1? interprets B as a non-standard probability. From [10, The- 
orem 4], we know that it is the induced non-standard probability function of 
exactly one mass function on the BD states, which in fact yields complete- 
ness w.r.t. the intended frames described above. Since the (weighted) average 
aggregation of non-standard probabilities yields a non-standard probability, 
(BD, M,L(-)) is also adequate to capture frames with multiple sources such 
that w? : P([] cw 4) > [0, l]z x [0,1]?? computes the (weighted) average of 
the probabilities given by the individual sources. 

Alternatively, we can take £L, = {A,V,M,U,C,7,0} as the language of 

the product residuated bilattice [0,1], © [0,1], = ([0,1] x [0,1],A,V,,U,> 
4, (0,0)), defined in the spirit of [9] (considered as a matrix with F = {(1,a) | 
a € [0,1]} being the designated values). With a little work, we can define 6,9 
and use literally the same modal axioms M as above. 


Example 0.2 [Logic of monotone coherent belief] The intended frames 
are F = (W,4,Lo1) © Lio), ?) where Ljo 1; © Ljo,1) is the bilattice on Figu- 
re 1 (right), we have multiple sources and yw? : P([] cw 4) 4 Lyo1j) © Ly 
computes the min-min (max-max) aggregation of the probabilities given by the 
individual sources. In general this does not yield a non-standard probability, 
only the interdefinability of positive and negative support via negation is pre- 
served. This motivates considering logic (BD, M,BD), where the modal part 
M consists of the axiom and rule 


B-y pp, ABe 2) Feb. w/By Feb, Bw. 


5 Formulas of Le are evaluated locally in the states of W using 4, as in the frame semantics 
for BD. 

6 The value of y in v being among {t,b} means it is positively supported in v, i.e. v IFT gy. 
Similarly for negative support. 
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As BD is strongly complete w.r.t. both 4 and Ljo1) © Lyo,1), 7 we obtain that 
(BD, M, BD) is strongly complete w.r.t. 4-based Lyo,1] © Ljo,1;-measured frames 
validating M.° 


Further directions. A natural aggregation strategy to consider would be 
Dempster-Shafer combination rule [12] (which is problematic in cases of high 
conflict, because it can provide counter intuitive results) adapted to the BD- 
based setting. As a source does not often give an opinion about each formula 
of the language, we need to account for sources providing partial probability 
maps. Another quest is to capture dynamics of information and belief given by 
updates on the level of sources, and to generalize the framework to the multi 
agent setting, involving group modalities and dynamics of belief. Specifically, 
forming group belief, including common and distributed belief, will involve 
communication and/or sharing and pooling of sources. It might also call for 
a use of modalities inside the upper logic to account for reflected beliefs, in 
contrast to the beliefs grounded directly in the sources. 
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Abstract 


Multiple arguments that Propositional Dynamic Logic has Craig Interpolation have 
been published, but one has been revoked and the status of the others is unclear. 
Here we summarise a proof attempt originally written by the first author in German 
in 1988. We also make available the original text and an English translation. 

The proof uses a tableau system with annotations. Interpolants are defined for par- 
titioned nodes, going from leaves to the root with appropriate definitions for each 
rule. To prevent infinite branches generated by the * operator, additional marking 
rules are used. In particular, nodes are also defined as end nodes when they have a 
predecessor with the same set of formulas along a branch with the same marking. 
We end with open questions about the proof idea and connections to more recent 
related work on non-wellfounded proof systems. 


Keywords: Propositional Dynamic Logic, Craig Interpolation, Tableau. 


1 Introduction 


Propositional Dynamic Logic (PDL) from [4] is a well-known modal logic which 
is both expressive and well-behaved. PDL can express common programming 
constructs such as conditionals and loops, but also has a small model property. 

A logic has Craig Interpolation (CI) iff for any validity ¢ — w there exists 
a formula @ in the vocabulary that is used both in ¢ and in w such that ¢ > 6 
and @ > w are valid. The formula @ is then called an interpolant. 

For PDL the vocabulary includes atomic propositions and atomic programs. 
For example, [(AU B)*](p A q) > [(B; B)*|(q¢ Vr) is valid in PDL and [B*]q 
is an interpolant for this validity. But whether such interpolants always exist, 
i.e. whether PDL has CI, has been studied for more than four decades and is 
still unknown. The key challenge is how to systematically find interpolants for 
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validities involving the star operator a* which denotes arbitrary finite iteration 
of a program a. There have been at least the following three proof attempts: 


¢ Daniel Leivant in [10] from 1981. This article presents a sequent calculus 
including a rule for * with infinitely many premises. This rule is then 
replaced with a finitary rule and an intuitionistic variant of the system 
is defined. Interpolation is then shown in the intuitionistic system using 
Maeharas Method, defining interpolants for each node in a proof [12, p. 33]. 
Interpolants for * are defined via fixed points of matrices of programs. 

In [9] it is said that it was not “possible to verify the argument” and 
claimed that the finitary rule is problematic. But the rule can be validated 
using the finite model property of PDL, as argued in [5]. Still, other parts 
of the argument, e.g. the translation to the intuitionistic system, seem 
problematic. As far as we know, the status of this argument is currently 
unknown [6]. 


¢ Manfred Borzechowski in [2] from 1988. The idea here is similar to [10], 
but using a tableau system instead of a sequent calculus. This text is also 
criticised in [9], but without any specific argument. 


¢ Tomasz Kowalski in [7] from 2002. This algebraic proof was officially 
retracted [8] in 2004, after a flaw was pointed out by Yde Venema. 


The correctness of the first two texts is still the subject of discussions. In this 
note we summarise the proof attempt from [2]. This diploma thesis was written 
under the supervision of Wolfgang Rautenberg at FU Berlin, but not published. 
Together with this summary we make available the original German text and 
an English translation at https://malv.in/2020/borzechowski-pdl. Page 
numbers refer to the German text, but are also shown in the translation. 

We use the following notation: p,q, etc. are atomic propositional variables, 
P,Q, etc. are formulas from P ::= p| AP. | PAQ | [a]P. Moreover, A, B, etc. are 
atomic programs and a, b, etc. are programs from a ::= A | a;a|aUa|a* | P?. 
We do not repeat the semantics for PDL here — see the original page 6 or [4]. 

Section 2 provides an overview of the tableau system, Section 3 describes 
the main idea how to define interpolants, and Section 4 lists open questions. 


2 Tableaux for PDL 


The system is defined below. We read rules top-down and use ...” for 
branches. The Boolean rules and those for PDL constructs besides * are stan- 
dard. The critical rule (At) for atomic programs uses X4 := {P | [AJP € X} 
which corresponds to a transition to another state in a Kripke model. 

To deal with the * operator and to prevent infinitely long branches, the 
system uses the following two non-standard features and extra condition 6. 


“ | 


Nodes with n-formulas. The (77) rule is essentially a diamond rule for the 
* operator. It also replaces * by the string ‘(n)’. Formulas with ‘(n)’ are n- 
formulas, in contrast to normal formulas. An n-formula becomes normal again 
by extra condition 1, which applies iff an atomic modality is reached. 
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Markings. Formulas can be marked with other formulas as upper indices, 
using the loading rule (17+). Nodes with marked formulas are called loaded, in 
contrast to free. Markings can be removed or changed by (M-—), (77) or (7). 


Definition 2.1 A PDL tableau is a finite tree generated according to the fol- 
lowing rules and in addition adhering to the seven extra conditions below. 
The classical rules: 


X;34P X;PAQ X;73(P AQ) 
XP “RQ OSAP KO 
The local rules: 
X;-[aU b]P X;-[Q?|P _\ X;-1[a;b]P 
PO See |) eae ' wose: 8 eae 
X; [aU b|P X;[Q?|P _\ X3[a;6)P 
Ose Oasq mr xa 
Es X;—-[a*|P Gi) X;[a*|P 
XP | XsofalaP 8X; Ps [alla] P 


The PDL rules: 


X;—7[a9]...[a,]P 


M+) X: [a0]... [an|P® X free the loading rule, 
M-) sag “lalP* the liberation rule, 
X;-7[a]P 
At) coal the critical rule. 
X4;7PR\P 
The marked rules (where ...”\? indicates that R is removed iff R = P): 
(<u) X;7[a Ud] P® (-) X;7[a; b|P? 
X;-[a]P® | X;—[b]P* ‘ X;—[a][]P* 
= X;ola"JPP ny Sinton? 
RPM | lalla |p? © PEO PIE, 


aun fF wn 


. Instead of a node X;-—[A]P or X;[A]P with an n-formula P we always 


obtain the node X;—[A]f(P) or X;[A]f(P), respectively, where f(P) is 
obtained by replacing (n) with x. 


. Instead of a node X; a‘ ]P we always obtain the node X. 


A rule must be applied to an n-formula whenever it is possible. 


. No rule may be applied to a [a ]-node. 


To a node obtained using (4+) we may not apply (M—). 


. If a normal node t has a predecessor s with the same formulas and the 


path s...t uses (At) and is loaded if s is loaded, then s is an end node. 


. Every loaded node that is not an end note by condition 6 has a successor. 
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Claim 2.2 The system from Definition 2.1 is sound and complete for PDL. 


The full completeness proof is contained in sections 1.8 to 1.10 of the original 
text. The main idea is to construct a Kripke model from an open tableau. 


3 Interpolation via Tableaux 


We claim that the tableau system can be used to show interpolation. We first 
define interpolants for partitioned sets of formulas. A partitioned set X is a 
disjoint union of two subsets X1, X2. We write it as X = X1/Xo. 


Definition 3.1 A formula @ is an interpolant for a partitioned set X,/Xo iff 
@ is in the vocabulary of that is used in both X,; and Xz and the two sets 
X,U {76} and {0} U X2 are both inconsistent. 


Corollary 3.2 A formula 0 is an interpolant for a validity ¢ > W iff 6 is an 
interpolant for the partitioned set X1/X2 given by X, = {db} and X2q = {>v}. 


To find an interpolant for a validity ¢ > w we start a tableau with ¢/-=w 
as its root. This tableau is built as usual from the root to the leaves, applying 
the rules to partitioned sets. Then we go in the opposite direction: starting 
at the leaves, we define an interpolant for each node. Depending on the rule 
which was applied, we use the interpolant(s) of the child node(s) to define a 
new interpolant for the parent node. In addition, the interpolant might depend 
on whether the active formula in a rule application is in the left or right side 
of the partition. As mentioned above, this is similar to Maehara’s Method for 
sequent calculi [12, p. 33]. We discuss two rules as examples here. 
Interpolating (=U). Suppose we use (—U) in the right set. Given two inter- 
polants 0, and 6, for X,/X2;7[a]|P and X,/X2;-[b|P respectively, we define 
the new interpolant 6 := 6,6» for the parent node X1/X»2;7[aUb]P. Similarly, 
on the left side we would use 0 := 6, V 6 for X1;7[a U b]P/Xo. 
Interpolating (At). Suppose we use (At) in the left set to go from a parent 
node —[A]¢;¥1/Y2 to a child node 7¢; (Yi) ,/(Y2),. Suppose #4 is an inter- 
polant for the child node. Then 74; (Y1) ,4;704 and (Y2) ,4;@4 are inconsistent. 
We now want an interpolant for the parent, ie. a @ such that —[A]¢; Yi; 70 
and Y2;6 are inconsistent. A solution is to set @ := (A)@,4, unless Y2 is empty, 
in which case we are not allowed to use A, so we ignore 04 and let 6 := L. 
Similarly, if (At) is applied in the right set we use 6 := [A]@,4, unless Z; is 
empty, in which case we let 6:=T. 

We refer to the original text for two examples. A closed tableau for the set 
{=|(A U p?)"]q, [A*]q} is given on page 29 and an interpolant for [(A; A)*](p A 
[A; (BUC)]0) > [A*](p V [C]q) is computed in Section 2.4: [A*](p V [C]0). 


4 Open Questions 


The previous two sections provide only a high-level overview of the argument. 
To verify it completely we will further study the following two main questions: 


¢ How exactly are the existence lemma and completeness of the system 
shown? In particular, what is the role of first free normal successor nodes? 
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¢ How are interpolants defined for end nodes due to condition 6? The orig- 
inal text uses the extra tableaux J! and T’ for this, what is their role? 


If the proof can be verified, there are of course further questions: 
¢ Can we simplify the proof to only consider test-free PDL? 


¢ How does the system compare to recent work on infinitary and non- 
wellfounded systems, such as [1] for y-calculus and [3] for PDL? 


¢ Can interpolation be efficiently implemented into an automated prover? 
We have started to implement parts of the given system, similar to how 
the star-free fragment of [10] was implemented by [11]. 


To conclude, we hope that this summary will help to further scrutinise the 
proof and encourage the interested participant of AiML 2020 to contact us. 
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Abstract 


This paper answers a problem left open in Fitting’s [2] by showing that the quantifier- 
free calculus FOIL extended with axiom B: A — OOA is characterized by symmetric 
models with constant domains. The problem in brief: how can we have constant 
domains without the Barcan Formula? 

First, it is shown that, thanks to axiom B, an inductive set of rules CD(k), for 
k EN, is derivable. Then, it is shown that this set of rules enables a constant domain 
Lindenbaum-Henkin construction, thus proving the completeness of FOIL.B. 


Keywords: FOIL, symmetry, axiomatic system, completeness, canonical model. 


1 Introduction 


FOIL is a family of two-sorted first-order modal logics containing both object 
and intensional variables where the abstraction operator A is used to talk about 
the object (if any) denoted by an intension in a given world. 

In [2] an axiomatization of FOIL based on the quantifier-free language is 
introduced by M. Fitting and “is shown to be complete for standard logics 
without a symmetry condition” [2, p. 1]. “It would be interesting to know if 
a complete axiomatisation of FOIL can be given [...] using [...] propositional 
modal logics involving a symmetric accessibility relation.” [2, p. 21]. 

We show, Lemma 3.3, that, thanks to axiom B, an inductive set of rules 
CD(k), for k € N is derivable and that these rules allow a constant domain 
Lindenbaum-Henkin construction. The completeness of FOIL.B follows. 

As to the semantics, we slightly generalize Fitting’s semantics by adding a 
set of labels, one for each intension, to the effect that any two intensions are 
different even if they map the same worlds to the same objects. This has no 
effect on truth and solves the problem noted in [3], see Remark 4.8. 


2 Syntax and Semantics of FOIL 


Syntax. We consider a signature containing, for each n,m € N, a count- 
able set of n + m-ary relational symbols, denoted by P™™,R™™...The lan- 
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guage contains a denumerable set of object variables OBJ (x,y, z,) and one 
of intensional variables INT (f,g,h). The logical symbols are L,—> 
£-formulas are generated by: 


As= P™™(a1,...,%n,fi,---,fm)|e=y|L| A A|GA|OaA)f  (L) 


9 = 


The symbols T,7,A,V,<@,© and # are defined as usual, and the formula: 
Df abbreviates (Axv.T)f and expresses ‘f designates’. (Def. D) 


By Aly/x] we denote the formula that is obtained by substituting each free 
occurrence of x in A with an occurrence of y, provided that y is free for x in 
A. The formula A[g/f] is defined analogously. 

Semantics. A model isatuple M=(W,R,Do,Dzt,D1,V) where: 
(i) (W, R) is a symmetric frame; 
(ii) Do is a non-empty set of objects; 
(iii) Dz, is a non-empty set of labels fF, Peek. 
(iv) Dy is a set of intensions such that, for each é> € Dy, Dy contains a 


partial functions f: W — Do x Dx; where, if fis defined for w € W, then 
f(w) = (0, £5), for some o € Do, if f is not defined for w € W, then f(w) = brs 
(v) V is a valuation function such that V(P™™,w) C (Do)” x (Dr)™ and 
V(=,w) = {(0,0) :0 € Do}. 

An assignment is a function 0 mapping individual variables to member of 
Do and each intensional variables to members of Dy. o7°° (a/°*) behave like 
o except for x (f) that is mapped to 0 € Dy (fe Dr, respectively). 


Satisfaction of a formula A in a world w of a model M under an assignment 
a, to be denoted by o EK A (co -, A, for short), is defined standardly for 
atoms and for « = y, L,B > C,OB, and it is thus defined for (Aw.A) f: 


o Kw (Av.A) f iff o(f)(w) is defined and o®7(f)() EA 
If o(f)(w) is not defined, then o Fy (Av.A) f; o Ew Df iff o(f)(w) is defined. 


A formula A is true in a world w, EM A, iff for all o, o KM A; A is true in a 


model, E™ A, iff for all w, KM A; A is valid, — A, iff for all M, E™ A. 


3 Axiomatic system 


Definition 3.1 FOIL.B is defined by the following axioms and rules [2]: 


(i) All propositional tautologies (vii) c=2 
(ii) O(A > B) > (OA > OB) (viii) « = y > (P[x/z] — Ply/z)), 
(iii) (Aw.A > B)f > ((Ae.A)f 3 (Ae.B)f)  P atomic formula; 
(iv) (Av.A)f > A,x not free in A (ix) t=y> O(@=y) 
(v) (Av.A)f > (Ay-Aly/2])f, (x) cAy—> O(a Fy) 
y free for x in A (xi) Df > Qy. (2.2 = y) f)f 
(vi) Df > ((Av.A) f V (Az.7A) f) (B) A> OCA 
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A A+B 
B 


Ay A-~B 


A (\x.A) f > (\x.B) f 
Lemma 3.2 ((2, Proposition 4.1]) Let FOIL be FOIL.B minus axiom (B), 


MP 


A-reg 


(i) Frow Df 3 (a(Aa.A) f & (Av. A) f) 
(ii) Feow (Av.A) f < (Df A A) provided x not free in A 
(iii) Fron (Aya =) fA (Ay.2 = 9) f) > (@ = 2) 


Lemma 3.3 The inductive set of rules CD(k), k € N, is derivable in FOIL.B. 


(Ay ADf > (Au.a # y)f)..-) 
(Ai >--- > O(Axy > -Df)...) 
Proof. We first prove that the rule CD(0) is derivable in FOIL. 


Ao ADf > (Ava #9) f 
(Ay-Ao)f > [Ay,2.T)f.f > Ay, v2 Ay) ff] 


Ap > 


(Ay G++ 
Ao > 


CD(k), k EN, y not free in A; 


Assumption 
Ax. (i), Def. D, A-reg 


Ao ADf > [Df A (Ax.T)f > (Ay, x.a 4 y) fF] Lemma 3.2(ii) 
] Def. D 
Ao > [Df > Oy, 2.2 Ay) ff] Axiom (i) 


Ao > [Df > >(Ay, v.2 = y) ff] 

Ao > [Df > ay, 2.2 = y) ff] Axiom (xi) 

Ao > =Df From (f) and (g) 
As is well known, the following rules are derivable from axiom B: 


OA>B > i, 
Aap SA > B DRB' 


CD(2) is derivable by the help of these rules: 


) 

: Ao \Df > [Df ADf > (Ay, a.2 4 y)f.f 
) Lemma 3.2(i) 
) 

) 


Ao > O(Ai > 


(A2 ADf > (Axa # y)f)) 


(CAo A A1) > 


(AoA Df > (Az.x 4 y)f) 


(Ao A Ai) x 


Ag > (Df > (Az.x # y)f) 
Ao) > -Df 


Assumption 
DRB'+ axiom (i) 
DRB'+ axiom (i) 
CD(0) 


) 
) 
) O(OA0 A Al) A 
) 
) 


(CAo A Ai) > 
Ao > 


(Ag => -Df) 
(A2 > -Df)) 


Analogously CD(k) is derivable for all k € N. 


Axiom (i)+DRB 
Axiom (i)+DRB 


(At > 


4 Completeness 


We prove strong completeness by the usual Henkin-style technique, cf. [1]. Let 
P be a denumerable set of fresh object variables (to be called parameters) and 
let L? be the language obtained by adding the set P to £ and by imposing 
that parameters cannot be bound by \. We use L (L’) to the logic FOIL.B over 
the language £ (L?, respectively), and A for a set of £?)-formulas. 


iff A iP ple 

e A is L?-complete for all AE LP, either AC Aor 7A EA. 

¢ Ais O*-P-rich iff if AgAO(ALA---AO(A, ADfF)...) € A then 
ApAO(ALA:  -AO(ARADSA(Aa(a = p)) f)...) € A for some p € PUOBJ. 

° A is OF-P-inductive iff Ay + O(A, > --- > O( A, ADF > (Aza ¥ p) f)) 
€ A for all p € PUOBJ only if Ap — O(A1 > --- 4 O(A, 3 ADS)...) EA. 


¢ A is L?-consistent 
iff 


Definition 4.1 
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* Ais £L”-saturated iff it is L?-consistent, £’-complete, and ©*-P-rich (Vk € N). 
Lemma 4.2 If A is L?-saturated, then it is O*-P-inductive for all k € N. 


Lemma 4.3 (Lindenbaum-Henkin) Jf A is an L-consistent set of formu- 
las of L, then there is an L’-saturated set A*, for some denumerable set of 
parameters P, such that A* D> A. 


Lemma 4.4 (Diamond-lemma for L) [fw is an L’-saturated set of formu- 
las and ©A € w then there is a set v of L’-formulas such that: 


(i) v is LP-saturated; 

(ii) AE vu; 

(iii) v DO (w), where O-(w) = {A: DA € w}; 

(iv) for eacha € PUOB, [alu = [aly, where [a], ={b:a=be w}; 


Proof. Let Bo, By, Bo,... Bn, Bri... be an enumeration of all L?-formulas. 
° Ao = G7 (w)U {4}; 
¢ Given A, and B,, we define A,,41: 
(i) If A, U {By} is not L?-consistent, let Angi = An U {7Bn}; 
(ii) If A, U{B,} is LP-consistent, we distinguish two cases: 

(a) If B, = Ap AO(ALA-+- A O(An ADS)...) for some Ap,..., Ax, let 
Anti = AnU {Ap A O(A1 A+: A O(AR A DF A (Ata = p)f)...)} 
for some p € PUOBJ such that the resulting set is L?-consistent; 

(b) Else, Angi = Ay, U {By}. 


Lemma 4.5 Each element of the chain Ao, Ai,...,An,-.. is L?-consistent. 


Proof. Ag is L’-consistent by modal reasoning. Assume, by induction hy- 
pothesis, that A,, is L?-consistent. We consider only case (ii) (a). 

Suppose by reductio that there is no p€ PUOBJ such that the set 
A, U {Ap A O(AL A+++ A O(Ag A Df A (Az.x = p)f)} is L?-consistent. Then, 
for allp € P, A, Fue (Ao AO(ALA--- A O(AR ADS A (At.a = p) f)) > L. By 
modal reasoning A, Fie (Ag > O(A1 > ++: 3 O(An ADS > 7(Aan.a@ = p) f)). 
By Lemma 3.2(i), An Fle (Ao > O(A1 > ++: 3 O(An ADS > (Ax.a F p)f)). 

Moreover, A, is just O7(w) U {Ci,...Cm} for some finite set of formulas 
{C,,...Cm}, therefore, where C = C1 A---A Cn, 
(w) FLp CA Ap 3 O(Ay > +++ 3 O(AR ADS > (Az.a # p) f)) for all p € 
PUOBJ. Thusw yp O(C A Ag > O(Ay > +++ 3 O(AR ADS > (Ax.x ¥ p) f)) 
for all p€ PUOB,, and, for all p € PUOBJ, 
wkyp T>O(CA Ap > O(A, 9 +++ 3 OAR ADF > (An.a # p) f))). 
Since w is LP-saturated, by lemma 4.2, w is O/-P-inductive for all 7 € N, 
hence, in particular w is O*+!-P-inductive, therefore 
wip T>O(CA Ap > O(A, > --- > O( Ax > =DF))). 
It follows that wip O(C A Ap > O(A, > --: 4 OCA, — =Df))), 
(CA Ap > O(A, > +--+ > O(A,  -=DS))) € G7 (w) 
An Fie Ao > D(A > --: > O( Ax > =DS)), 
But this contradicts the L?-consistency of A, U {By}. 
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Let v = GRE A,,. The set v is L?-consistent and satisfies all the properties of 


the lemma. 

Definition 4.6 Let us consider the frame (G', R) where: 
e G! is the class of all £?-saturated sets of formulas of £” for some denumerable 
set of parameters P; e wv iff O-(w) Cv. 


This frame is likely to be composed of a number of parts, each completely 
isolated from any of the others. Following [4, p. 78], a cohesive frame is one in 
which, for every w,w’ € Wt, w(RU R7!)"w’ for some n > 0. 


Definition 4.7 [Normal canonical model] A normal canonical model for L is 
a tuple Mt = (W!, R, Do, Dt, Dr, V), where: 


e (W!, R) is any of the cohesive frames of which (G‘, R) is composed; 
Do = {[alw : for some w € W", where a € OBJ U P}; 
Dy = {l7: f € INT}; 


D; = {f: le € Dy}, where, for all w € W+, if Df € w, then, for some 
[p] € Do such that (Ay(y = p)f € w}, f(w) = ([p], 7); else f(w) = &>. 
the valuation V is a function with domain W! that is such that: 
Viens w) = {([ai1]w, ee) [anlw; fis eae , fm) : Pay, soy On; fi, eee fim € wh. 
V(=",w) = {([a], [a]) : where a € OBJ UP }. 

Remark 4.8 Do is well defined because the frame (W', R) is cohesive and so 
for every w,v € W', [a], = [a]y, in fact {b: (a2 = b) Ee w} = {b: (a =b) € v} 
thanks to axioms (ix) and (x). So we can write [a] instead of [a] . 

Dy is well defined because if Df € w there is at least ap € PUOBJ such 
that (Ay.y = p)f € w since w is ©°-P-rich, moreover such a [p] is unique, in 
fact, by Lemma 3.2(iii), FL [(Ay.p = y) f A yp’ = y) f] > (p =p’). 

Moreover, we avoid the problem noted in [3] of mapping two distinct inten- 
sional variables satisfying different formulas to the same intension: if f ¥ g, 
then €¢ A €, and, therefore, f and g will be assigned to different intensions 
even if ((Av.2 =p)f € w) iff ((la.z =p)g € w), forallweWw'. 


Lemma 4.9 (Truth lemma) Let M' be a normal canonical model for L and 
let o be the canonical assignment such that o(a) = [a] and o(f) = f. For all 
weéeW! and for all formula A of L?, o EM A iff Aew. 

Theorem 4.10 Any FOIL.B-consistent set of formulas is satisfied (under the 
can. ass.) in some world of a symmetric canonical model with constant domain. 
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Abstract 


We outline benefits of formalizing a proof system for hybrid logic in the proof assistant 
Isabelle/HOL, showcase how the process of formalization can shape our proofs, and 
describe our current work on formalizing completeness of a more restrictive system. 
Formalization: https: //devel.isa-afp.org/entries/Hybrid_Logic. html 
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1 Introduction 


Basic hybrid logic extends ordinary modal logic with nominals, a special sort 
of propositional symbol true at exactly one world, and satisfaction statements, 
@;¢, which are true if and only if the formula ¢ is true in the world named by 
nominal 7. The well-formed formulas of the basic hybrid logic are defined as 
follows, where x is a propositional symbol and we use i, 7, k, a,b for nominals: 


o,Hu=2|t| | oVP|Oe| Qe 


The language is interpreted on Kripke models 92, consisting of a frame 
(W, R) and a valuation of propositional symbols V. Here W is a non-empty set 
of worlds and R is a binary accessibility relation between them. To interpret 
nominals we use an assignment g mapping them to elements of W; if g(z) = w 
we say that nominal 7 denotes w. Formula satisfiability is defined as follows: 


Mig,wex iff weéeV(z) 

Mgw ei if g(t)=w 

M,g,w EK 7Ad if Mg,wAko@ 

MogaweEeovw if MawEdorMawey 
MgwkE Od iff for some w’, wRw’ and Nt,g,w’ KE @¢ 


We have just presented basic hybrid logic using (semi-formal) natu- 
ral language, but we could have presented it using a proof assistant like 
Isabelle/HOL [7] instead. This forces us to be more precise: we would have to 
define hybrid logic in the proof assistant’s logic (here, higher-order logic). But 
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we can then do our metatheory in higher-order logic and machine check its cor- 
rectness. This leaves no room for ambiguity or mistakes since every statement 
compiles to the primitives of the proof assistant (that we trust to be correct). 
Of course, we will have to supply more proof detail which can result in more 
verbose proofs; nonetheless, used skillfully, formalization can help guide our 
exploration of metatheory, and suggest new ideas, as we hope to show. 

Hybrid logic has received little such treatment. Doczkal and Smolka for- 
malize hybrid logic with nominals but no satisfaction operators in constructive 
type theory using the proof assistant Coq. They give algorithmic proofs of 
small model theorems and computational decidability of satisfiability, validity, 
and equivalence of formulas [3]. In Isabelle/HOL, Linker formalizes the seman- 
tic embedding of a spatio-temporal multi-modal logic that includes a hybrid 
logic-inspired at-operator but has no proof system [6]. The present work is the 
first sound and complete formalized proof system for hybrid logic that we know 
of. We have briefly described an earlier version of the formalization in a short 
paper for an automated reasoning audience [4], but that paper did not cover 
the notion of “potential” for restricting the GoTo rule. 


2 Seligman-Style Tableau System 


The proof system must handle the fact that a hybrid logic formula is true 
relative to a given world. Figures la and 1b depict two strategies for this. 


0. a 
G 1. 7A(7Q;¢ V @;¢) 0 
@Qi1 P1 2. Qo (-v) 1 [1 
Qige 0) 3. 3Q;¢ (av) 1 [2 
; 5. a GoTo 2 
es J 6. = (=@) 3 [3 
iv 1 (2 é (@)4 [4 
: ; v, 
(a) Internalized. (b) Seligman-style. (c) Seligman-style tableau example. 


Fig. 1. Tableau styles. (c) displays potential in the fourth column. 


Internalized tableau systems work exclusively with satisfaction statements 
while the Seligman-style tableau system handles arbitrary formulas, giving a 
more local proof style, by dividing branches into blocks of formulas that are all 
true at the same world. Each pair of blocks is separated by a horizontal line 
and every block starts with a nominal dubbed the opening nominal, denoting 
that world. We call a block with opening nominal 7 an “?-block.” 

Figure 2 gives the tableau rules. Every rule has input formulas above the 
vertical line(s) and output below. The output of GoTo is a new block with 
corresponding opening nominal, while the other rules extend the last, so-called 
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“current” block. When a rule has multiple input formulas we write them next 
to each other. Above each input formula, we write the opening nominal of the 
block it occurs on. Similarly, the opening nominal of the current block is the 
first thing below the horizontal line. Any formula on the current block may be 
used as input under the same restrictions on opening nominals. The system 
resembles (and simplifies) the one developed by Blackburn et al. [1], notably 
by having single-input (@) and (4@) rules and assuming that all blocks have 
an opening nominal causing us to omit a rule. 

Figure lc gives an example tableau for the formula =@;¢ V @;¢ which is 
negated and placed on a block with an arbitrary opening nominal. Note how 
the GoTo rule switches perspective to the world denoted by 7 while consuming 
a unit of potential in the fourth column. 


a a 
a a a a 
ova ate) a6 ui 06 oF 
a a 
. 2 « & 4 
fe 'X 
ag Oi 
Q ~ = Q @;¢ 1Qip 
(Vv) (-V) (47) (o)? (40) 
b ba a 4 b b 
io i a¢ Que 7Qag 
a ie a a a 
| | | | 
e x ? ng 
Nom GoTo? Closing (@) (=@) 


! ¢ is fresh, ¢ is not a nominal. 
2 4 is not fresh. 


Fig. 2. Tableau rules 


We formalize this proof system as an inductive predicate, +, in Isabelle 
by specifying for which branches | holds. For example, the closing condition 
becomes the following code that allows you to close any branch where, for some 
p and i, both p and 7p occur on i-blocks (“at ¢”) in the branch: 


Close: (p at i in branch => (7 p) at i in branch => nF branch) 
Here, n is the “potential” from Figure 1c. After defining all cases we can 
type in a closing tableau and have the computer check that every rule is applied 


according to our definition: we get a proof checker for free. Moreover, we can 
machine verify proofs of soundness and completeness. 
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3 Rule Induction 


When we define the proof system, Isabelle provides a principle for proving 
statements by induction on the construction of a closing tableau. We consider 
a special case of the principle here, which is used to show lemmas of the form 
“if the branch © closes then so does f(Q)” where f is some transformation of 
the branch. Examples of transformations could be to rename nominals or to 
omit redundant occurrences of formulas. 

The induction principle then instructs us, for each rule, to assume that the 
branch extended by that rule’s output has a closing tableau when transformed 
and show that a closing tableau exists without the extension, typically by ap- 
plying the rule in question. For instance, in the (=—) case we assume, first, the 
premise of the rule, that ~7@ occurs on an a-block in © where a is the opening 
nominal of the current block. Second: we assume as induction hypothesis that 
the transformation of O extended by ¢ has a closing tableau. To prove the case 
we need to show that the transformation of just O has a closing tableau. 

This induction principle is our motivation for rephrasing the following re- 
striction on the proof system by Blackburn et al. [1]: 


Original R4 The GoTo rule cannot be applied twice in a row. 


Current R4 The GoTo rule consumes one potential. The remaining rules add 
one potential and we are allowed to start from any amount of potential. 


1. a 1. a 
2 ag ea ag 
3. cv) 
3. a GoTo 4. a GoTo 
a ao 5. ee 
5. i GoTo 6. i Gete 
(a) Starting point. (b) Transformed. 5 and 6 are now illegal. 


Fig. 3. Unjustified GoTo after weakening on line 3. We assume restriction R1 [1], 
that extensions must be new. 


The original restriction rules out infinite branches that consist of repeated 
applications of GoTo. Potential does the same because it decreases with each 
application. This new formulation, however, works better with the induction 
principle outlined above, since that principle may force us to apply GoTo twice 
in a row. Consider Figure 3b where the transformation of the branch means 
we should not apply GoTo on line 4 as in the tableau we are mimicking but go 
directly to line 6. With the original R4 we would need a more intricate trans- 
formation of the branch (or a weaker lemma), but with the current restriction 
we can simply assume that we start with more potential, making the detour 
benign. The restriction preserves completeness as any closed tableau is finite. 
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Also, we can always start from a single unit: 


Theorem 3.1 (Potential) If a branch can be closed then it can be closed 
starting from a single unit of potential. (cf. “No detours” in the formalization.) 


4 Current Work 


We have lifted equivalents of the four relevant restrictions by Blackburn et al. [1] 
(R1, R2 and R5) in previous work [4]. Unfortunately, the Nom rule as given 
can still be used to construct infinite branches [1]. Blackburn et al. replace it 
with a three-part Nom* rule without this problem and show that it is sufficient 
for their translation-based completeness proof [1]. Instead of splitting it, we 
may impose the following, equivalent restriction on the general Nom rule: 


Nom* i =a and ¢ is not k or Ok for any k introduced by the (©) rule. 


This restriction means that “(©)-produced” nominals can only appear on 
their own as opening nominals. This breaks a symmetry otherwise present in 
exhausted branches: if nominal i appears on a k-block then k also appears on 
an i-block. The synthetic completeness proof by Jgérgensen et al. [5] that we 
have previously formalized [4] makes use of this symmetry in their modeling of 
open exhausted branches and their model existence result. We have overcome 
this by (a) updating the definition of Hintikka sets to model our non-symmetric 
branches and (b) applying the model existence result by Bolander and Black- 
burn for a terminating internalized calculus [2] to our synthetic setting. 


5 Conclusion 


Modern proof assistants are more than capable of handling non-trivial proof 
systems and their metatheory. It can still be beneficial to shape our proofs 
such that they work well with the tools provided by the assistant, but in return 
we gain precision and absolute trust in the correctness of our results. 
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Abstract 


This paper addresses a gap in the literature concerning the precise complexity of the 
satisfiability problem for the one-variable fragment of first-order linear temporal logic 
(FOLTL) with arbitrary counting quantifiers FOLTL?. over expanding domain mod- 
els. By exploiting explicit bounds on Dickson’s Lemma, we obtain an Ackermannian 
upper-bound on the size of satisfying models for FOLTL®, over expanding domains, 
yielding an optimal Ackermann-time decision procedure. 
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1 Preliminaries 
1.1 First-order temporal logics with counting quantifiers 


In what follows, we shall consider the one-variable fragment of the first-order 
linear temporal language comprising a countably infinite set of (monadic) pred- 
icate symbols Pred = {Pp, P,,...} and sole first-order variable x. We denote 
by OT LF the set of all FOLTL formulas with counting quantifiers defined by 
the following grammar: 


pg u= P(x) | 7y | (viA ge) | Fe | Xe | Accry 


where P; € Pred and c € N specifies the capacity of the quantifier d<,. Other 
Boolean connectives can be defined in the usual way, together with temporal 
operator Gy := —F 7y, and quantifiers dr yp := -d<gr yp and Va yp := 7dr 74. 


Formulas of OTL? are interpreted in first-order Kripke models of the form 
M = (I, D,d,Z), where FT is an initial segment of the natural number under 
their usual ordering, D is a non-empty set of domain objects and 0 is a domain 
function which associates each instance k € Y with a non-empty subset 0(k) C 
D. Finally, Z: a x Pred > 2” is a function associating each k € T and each 
predicate symbol P; € Pred with a subset Z(k, P;) C 0(k). 
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We say that a model is expanding in the case that 0(n) C 0(m), when- 
ever n < m, respectively. Satisfiability is defined in the usual way, with 
Mk = Xp iff Mik +1) —* vy and Me E* Fo iff M,l E* y, for 
some £ > k. Counting quantifiers are interpreted so that Dt,k -* 4<.% 
iff |{b € dom (k) : Mt,k E y}| <e. 


In what follows, we are concerned with the following decision problem: 


FOLTL# -sat: 


fin 


Input: Given a formula y € OT LF, 


Question: Is there a first-order expanding model It = (T, D,d,Z) such that 
% is finite and Jt,0 E* y for some a € 0(0)? 


If we were to consider satisfiability with respect to constant domain mod- 
els then the satisfiability problem is known to be non-recursively enumerable, 
even if we were to restrict the language to the X-free fragment with sole quan- 
tifiers {d<o,d<i} (6]. 

In what follows, the size of y € OTe. denoted ||y]|, is taken to be the 
number of symbols it comprises with the capacity of counting quantifiers en- 
coded in binary, so that cap(y) < log(||y|]) and |sub(y)| < ||y||, where cap(y) 
denotes the maximum capacity appearing in y and sub(y) denotes the set of 
subformulas of y. 


1.2 The fast-growing hierarchy 


For each countable ordinal a € Ord we define the function Fy, : N — N by 
taking 


Fo(n) :=n+1, Fo4i(n) = FY (n), and Fy(n) := Fyn)(n) (fF) 


if A € Ord is a countable limit ordinal, where A(n) is a fundamental sequence 
for » (see [9] for details). For our purposes, it is enough to note that we obtain 
a version of Ackermann’s function F.,(n) = F,(n) by a diagonalization of the 
sequence Fo, Fi, F2,... [1]. For each countable ordinal a € Ord, we define the 
complexity class F, to be the set of all decision problems that can be solved 
by a (deterministic) Turing Machine in time bounded by some fast-growing 
function F,, of some function p(n) € O(Fg(n)) for 6 < a, where n is the size 
of the input. 


2 Result 


Definition 2.1 Let Types(y) C 2%>(*) denote the set all Boolean saturated 
set of subformulas of y. We define a quasistate for y to be a pair (T, 4) such 
that: 


(qs1) T C Types(y) is a non-empty set of types for y, 
(qs2) w:T — {1,...,cap(y), cap(y) + 1} is a ‘multiplicity’ function, 


(qs3) (d<--saturation) For all t € T and (4<-%€) € sub(y), we have that 
de,et) evita )2fer and ter} <a 


— 
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Definition 2.2 A quasimodel for y is a tuple Q = (N, q,I,R) such that: 


(qm1) N €N, gq is a function associating each k < N with a quasistate 
a(k) = (Tk, ux), and ® is an set of partial functions (called runs) rj, 
indexed with indices from J, such that r;(k) € T, for each k € dom (r;), 
where dom (r;) denotes the domain over which r; is defined. 


(qm2) There is some i € I such that y € r;(0), 
(qm3) (expanding) For alli € I, ifk € dom(r;) and k < k’ then k’ € dom(r;). 
(qm4) (X-coherence) For alli € I, k € dom(r;) and X€ € sub(y), 
XEeri(k) — Ee€ri(k+1), 

(qm5) (F-coherence) For alli € I, k € dom(r;) and Fé € sub(y), 

Fe eri(k) <= €€ri(k’) for some k’ > k, 
(qm6) For all k € W and t € Ty, we have juz (t) = min (|I(k, t)|,cap(y) + 1), 
where I(k,t) = {t € 1: k € dom(r;) and r;(k) = t} denotes the set of indices 
of runs passing through type t € T; of quasistate q(k). 
For each k < N, we define the signature of q(k) to be the N¢-vector: 

a(k) = (\I(k,t)| : t € Types(y)) € N¢ 

of dimension d = |Types()| < 2!|"ll. We say that Q is controlled if it satisfied 
the additional condition that: 


(ctrl) ||o(k)||,, < 4{lel+”, for all k < N, where ||x||,, = max¢_, x; denotes 
the oo-norm of x = (x1,...,@a) € N4, 


and that Q is small if it satisfies the additional condition that: 
(sml) N < F(a+2)(||¥||), where F(a+2) is as defined in (f). 


Lemma 2.3 ¢ is FOLTL# -satisfiable iff there is a quasimodel for y. 


fin 


Proof. The proof is routine and follows similar constructions in [8,5]. 
Lemma 2.4 If ~ has a quasimodel then ~ has a controlled quasimodel. 


Proof. Suppose that Q = (N,q,J,9) is a quasimodel for y. For each k < 
N,t € Th and m < p(t), we fix an index i(,4m) € J such that (i) k ¢€ 
dom (Perce) and Tiger my (A) = t, and (ii) Ifm Am’ then ixt.m) F t(k,t,m’)- 
Let I’ be the set of all such indices, and define a new run rj for each 
i =t(k,t,m) € I’ by taking ¢ € dom (rj) iff > k and rj(€) = ri(@), for all ¢ > k; 
that is to say that we trim the domains of the runs. Let ’ be the set of all such 
runs indexed by I’. Note that, since z(t) < (cap(y) + 1) < 2!lell and || < 
gilell, we have that dite Types(y) [2"(0, 4)| < Allell and DiteTypes(y) [2"(& + 1,2)| < 


Allell +, etypes(y) H’(A; t)|, from which we deduce that 


Io(k)\5 < S- \I'(k,t)| < (k +1). 4lleh < Alllell+s) 
teTypes(p) 
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for all k < N, since (k + 1) < 4*. It is a routine exercise to show that Q! = 
(N, q, 1’, WR’) is a controlled quasimodel for vy, as required. Note, also, that if Q 
is small then so too is Q’, since the size of the timeline remains unchanged. 


Lemma 2.5 If ~ has a quasimodel then y has a small quasimodel. 


Proof. Suppose to the contrary that y is satisfiable but does not have a small 
quasimodel. Let Q = (N,q,J,9) be the smallest quasimodel for y, which we 
may assume does not to satisfy (sml), and so N > F(a+2)(||y||). Moreover, 
without loss of generality, we may assume that Q is a controlled quasimodel 
for y, courtesy of Lemma 2.4. Consider the sequence of signatures 


x = (o(k) EN? :k <a) 


where d < 2!ll. Note that, by (ctrl), we have that ||o(k)||,, < 4“l?ll+® and 
so the sequence is (4”, ||y||)-controlled in the sense of [3], where it is proved the 
the maximum length of any such ‘bad’ sequence for which Dickson’s Lemma 
does not apply is at most F(a+2)(||y||). However, since N > Fia+2)((|¢ll), it 
then follows that there must be some n < m < N such that a(n) < o(m), 
which is to say that |I(n,t)| < |I(m, t)|, for all t € Types(y). 

It follows that there is some family of injections 7 : I(n,t) > I(m,t), for 
t € T,, from which we can construct an injection 7 : A > I where A = {i € 
I:n€dom(r;)} CJ. Let B = I — rng(7) denote all those indices that do not 
appear in the range of 7. Now let I’ = {(i,a) :i € A} U{(i,b) : i © B} be the 
disjoint union of A and B. 

We define a new quasimodel Q = (N’, q’,Z’,%’) by making an excision of 
the sub-interval [n, m) and stitching together the runs bridging the cut, similar 
to the approach taken in [7]. To this end, let X : w > w is a relabelling such that 
Mk) =k, fork <n, and A(k) =k+m-—n, fork > n. Take N’ = (N-—m-+n) 
and q/(k) = q(A(k)), for all k < N’. For each (i,) € I’, let r¢,,) be a new 
run obtained by ‘stitching’ together runs indexed by 7 € A with those indexed 
by 7(B) € I across the excision, by taking 


ri(k) ife=aandk<n 
Tniy(A(k)) if =aandk>n 
ri(A(k)) ife=bandk>n 
undefined ifx=bandk <n. 


tes (k) — 


Take ®’ to the set set of all such runs indexed by J’. It is then straightforward 
to check that 9’ is a quasimodel for y. Moreover, 9’ is smaller than Q, contrary 
to the supposition that Q be the smallest such quasimodel. Hence, there must 
be some quasimodel satisfying (sml). 


1 Dickson’s Lemma states for every infinite sequence (a5 EN ri< w) there are 7 < j such 
that 2; <a;. A ‘bad’ sequence is any finite sequence without this property. 
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Theorem 2.6 FOLTL#. has the F,,-bounded finite model property. 


Proof. By alternating between application of Lemmas 2.4 and 2.5 we have 
that y is satisfiable if and only if it has a quasimodel that is both small and 
controlled. Lemma 2.3, then yields a model for y whose size is bounded by 
O(Fra+2)(Il¢ll)) < OFu(l¢ll)), as required. 


Corollary 2.7 The satisfiability problem for FOLTL¥, is F.,-complete. 


Proof. It is sufficient to non-deterministically search for a satisfying model for 
yp € OF ce of the prescribed size. However, since the class F,, is closed under 
exponentiation—and hence non-determinism—we have that the satisfiability 
problem for FOLTL? belongs to F,,. The matching lower-bound is proved in [6], 
via a reduction from the reachability problem for lossy counter machines [10]. 


3 Discussion 


In [6], it was proved via reduction that the X-free fragment with sole quantifiers 
{d<o,d<i} is decidable. However, this proof did not yield a effective upper- 
bound, as the decision procedure for the logic to which it is reduced depends 
upon Kruskal’s Tree Theorem [4]. Indeed, in that same paper, the authors 
show that the logic in question is F,,.-hard, owing to a reduction from the 
reachability problem for lossy channel systems [2], making it strictly more 
complex than FOLTL%., as demonstrated here. Note also that the choice of 
binary/unary encoding for the counting quantifiers does not have an effect on 
the complexity, with the limiting factor being the number of types for y. 
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Abstract 


We consider product of modal logics in topological semantics and prove that the 
topological product of $4.1 and $4 is the fusion of logics $4.1 and S4. 


Keywords: Modal logic, topological semantics, product of modal logics, McKinsey 
axiom 54.1, 54 


1 Introduction 


The products of Kripke frames and there ware defined and studied by many 
authors (cf. [6,9,5]). It is a natural way to combine modal logics and to study 
the logics of two-dimensional structures. The same idea was used to define 
the product of topological spaces in [15]. Note in [15] that product of two 
topological spaces differ from the classical definition in topology. The main 
difference being that the result of the product from [15] is a set with two 
topologies: horizontal and vertical; and the classical product is a space with 
one topology called the product topology. 

One of the main questions in this context is the following: given two com- 
plete modal logics LZ; and Lz, what is the logic of all possible products of 
corresponding structures (Kripke frames or topological spaces) with one being 
an L-structure and the second being an L-structure. It turns out that the 
result heavily depends on the type of structures. For example, the Kripke- 
frame-product $4 times S4 is the following logic (cf. [6]) 


aD 


S4*S4 + 0) Oop + O20ip + O10ap > O21 p.(cf) 
where S4 x S4 is the fusion of corresponding logics. 
The topological product (precise definition is given in the next section) of 
S4 times S4 is just the fusion $4 * $4 with no additional axioms (see [15])). 
The notion of the product of topological spaces was generalized to the prod- 
uct of neighborhood frames in [11] and [7]. 
In this paper, we prove that the topological product $4.1 x;S4 = $4.1 S4. 
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2 Definitions and background 

Let us establish the playground. Assume we have a countably infinite set of 
propositional letters PROP. A (modal) formula is defined recursively by using 
the Backus-Naur form as follows: 


Az=p|1|(A- A)|GjA, 


where p € PROP, and C; is a modal operator (¢ = 1,..., N). Other connectives 
are introduced as abbreviations: classical connectives are expressed through L 
and —, and ©; is a shortcut for =0;-. 


Definition 2.1 A normal modal logic (or a logic, for short) is a set of modal 


formulas closed under Substitution (48) , Modus Ponens (4472) and Gen- 


eralization rules (4x): containing all the classical tautologies and the normal- 


ity axioms: 


i(p > q) > (Dip > Dig). 


Kn denotes the minimal normal modal logic with n modalities and K = Ky. 


Let L be a logic and [' be a set of formulas, then L+T denotes the minimal 
logic containing L and T. If f = {A}, then we write L+ A rather than L+ {A}. 
Logic S4 is well known: 


S4=K+Op > p+ Op > OOp. 


The notion of Kripke frames and truth conditions (the - relation) for them 
are well known. We refer the reader to [4]. The same goes for the topological 
spaces and topological models (see [1]). 

For a class of topological spaces (Kripke frames) C the logic of it is 


Log(C) = {A |VS €C(S  A)} 


Note that if C is a class of birelational Kripke frames or bitopological spaces 
the logic you get will have two modalities. 


Definition 2.2 Let X; = (X1,7)) and X. = (X2,T2) be two topological 
spaces. We define the (bitopological) product of them as the bitopological space 
X1 X4 Xo = (X11 x Aol Te Topology yee is the topology with the base 
{U x {x2} | U eT, & x € X2} and topology TY is the topology with the base 
{{i} x U|a1 € X, KU ET}. 

Topological product of two topologically complete modal logics LE, and Lo 
is the following logic with two modalities: 


Ly X14 L2 = Log({X1 X+ X2 | ¥1, ¥2 — topological spaces, #1 / L1, X2 —& Le }) 


Theorem 2.3 ([15]) The topological product of S4 x S4 is the fusion of S4 
with S4. In symbols: 
S4 x, S4 = S4« S4. 


Even more, the logic of product Q x; Q is also S4 * S4. 
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Ph. Kremer proved a surprising negative result that the logic of R x; R is 
not $4 * S4 (see [?]). This logic is still unknown. 

There are also some results on the product of neighborhood frames closely 
related to the bitopological product (see [7,8,?,?]). 

There were no completeness results of bitopological products for extensions 
of S4. In this paper we consider a well-known extension of $4 with formula 
Al = OOp > Op. This formula is called the McKinsey axiom and it is 
well-studied both in the Kripke semantics and in topological semantics. 

In the Kripke semantics this formula corresponds to the following property 
in the presence of S4: for an S4-frame F' = (W, R) 


FEL AI Vu € Wau € W(wRud R(u) = {u}), 


where R(u) = {t |uRt}. The proof is straightforward. 
Let us recall some definitions from topology. 


Definition 2.4 In topological space X point x is isolated if set {x} is open in 
X. X is weakly scattered if the set of isolated points of X is dense in X, that is 
if any open subset has an isolated point. 


In topological semantics logic $4.1 was studied in [15,3,2]. It is known that 
$4.1 is the modal logic of the class of weakly scattered spaces. The proof can 
be found in [3]. 


3 Main result and further work 
Theorem 3.1 S4.1 x; $4 = $4.1 « $4. 


For the further work we plan to investigate the following topics: 


(i) Determine the logics $4.1 x;S$4.1, $4.2 x,S4, $4.2 x,$4.1 and $4.2 x,$4.2. 
Hopefully, they will be equal to the fusions of the corresponding logics. 


(ii) Add McKinsey axiom to transitive logics less then S4 
like D4 and_ K4. From [?] and [7] we know that 
D4 x, D4 = D4 x D4 and K4 x, K4 = K4« K44+ A, where A is the 
set of variable-free formulas of spatial form. We hope it will be possible 
to prove that adding axioms Al and A2 will not add more axioms to the 
right-hand part of the equalities. 
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This paper considers proof-theoretic semantics for necessity within Dummett’s and 
Prawitz’s framework. Inspired by a system of Pfenning’s and Davies’s, the language 
of intuitionist logic is extended by a higher order operator which captures a notion 
of validity. A notion of relative necessary is defined in terms of it, which expresses a 
necessary connection between the assumptions and the conclusion of a deduction. 


Keywords: proof-theoretic semantics, modal logic, necessity, higher-order rules. 


1 Proof-Theoretic Semantics 


Dummett and Prawitz do not consider how the meanings of modal operators 
may be given by their theory of meaning for the logical constants. To investigate 
in outline how this may be done is the purpose of this short paper. 

According to proof-theoretic semantics, the rules governing a constant de- 
fine its meaning. Prior’s tonk shows that the rules cannot be arbitrary. Dum- 
mett and Prawitz impose the restriction that the introduction and elimination 
rules for a constant * be in harmony, so that *E does not license the deduction 
of more consequences from A * B than are justified by the grounds for deriving 
it as specified by *J. (See [4], [11], [12], [13], [14].) A necessary condition for 
harmony is that deductions can be brought into normal form. A deduction is 
in normal form if it contains neither maximal formulas nor maximal segments. 
A mazimal formula is one that is the conclusion of an J-rule and major premise 
of an E-rule. A maximal segment is a sequence of formulas all except the last 
of which are minor premises of VE and the last one is major premise of an 
E-rule.! 


1 T am allowing myself a certain looseness in terminology, which, however, is quite common 
in the literature. Strictly speaking, Dummett distinguishes intrinsic harmony, stability and 
total harmony. Intrinsic harmony is captured by normalisation: the elimination rules of a 
constant are justified relative to the introduction rules. Stability is harmony together with 
a suitable converse: the introduction rules are also justified relative to the elimination rules. 
Total harmony obtains if the constant is conservative over the rest of the language. Dummett 
calls the permutative reduction steps to remove maximal segments ‘auxiliary reduction steps’. 
Sometimes, as in the case of quantum disjunction, these cannot be carried out, which points 
to a defect in the rules for the connective from the meaning-theoretical perspective [4, 250, 
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Deductions in intuitionist logic I normalise [10, Ch 4]: 


[4 [BP 
II > 
$4 nA B _ AVB C Gua 
i aap ANB vee C ‘ 
[A]’ 
II 
B.. _ ADB A ~ abet 
D1 AaB’ DE: B LE: C 
A B AAB AAB 
MW AKB ae. B 


The constants occur only in conclusions of J-rules and major premises of E- 
rules. Thus the conditions for using an I-rule and the consequences of using 
an F-rule are given independently of the constants. 

The rules of I exemplify Dummett’s notions of full-bloodedness and molec- 
ularity in the theory of meaning [5], [6]. A full-blooded theory of meaning 
characterises the knowledge of speakers in virtue of which they master a lan- 
guage in such a way that it exhibits how a speaker who does not yet understand 
an expression could acquire a grasp of it. A molecular theory of meaning does 
so piecemeal and specifies the meanings of the expressions of a language one 
group of expressions at a time. A speaker need not understand the constants 
of I in order to be informed about the conditions for the application of their I- 
and E-rules. To understand the grounds for deriving a formula with * as main 
operator, or to understand the consequences that follow from it, a speaker only 
needs to grasp the meanings of some sentences, but not any sentences contain- 
ing *. A speaker who does not already know the meanings of the constants of 
intuitionist logic could acquire a grasp of their meanings by learning the rules 
of inference of I. The rules are informative: the grounds and consequences of a 
formula with * as main operator are given without reference to *. Its meaning 
is specified without presupposing that * already has meaning. 

Contrast the rules of I with standard rules for 0 in S4: 


A A 
q: A E: A 
where in OF all assumption on which A depends have the form OB. The condi- 
tions for applying OJ are not given independently of 0. Thus they presuppose 


that O is meaningful. Hence they do not define its meaning. Put in terms of 


289]. Dummett observes that normalisation implies that each logical constant is conservative 
over the rest of the language [4, 250] and conjectures that ‘intrinsic harmony implies total 
harmony in a context where stability prevails’ [4, 290]. Dummett and Prawitz only count 
those segments as maximal that begin with the conclusion of an introduction rule. The more 
general notion used here is found in [15]. It is required for philosophical reasons. For more 
on these issues, see [8, Ch 2]. 
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speakers’ understanding, to be able to use OJ and to infer a formula of the 
form OA, a speaker already needs to know how to use formulas of the form 0B 
in deductions, and so the speaker already needs to know the meaning of OB. 
Thus a speaker could not acquire a grasp of the meaning of 0 by being taught 
those rules. As a definition of the meaning of 0, these rules are circular. The 
I-rule for 0 presupposes that O already has meaning. ? 

I propose that for the rules governing * to define its meaning, they must 
satisfy a Principle of Molecularity: * must not occur in the premises and 
discharged hypotheses of its J-rules, nor in any restrictions on their application, 
and * must not occur in the minor premises and discharged hypotheses of its 
£-rules, nor in any restrictions on their application. Generalising, there should 
be no sequence of constants *1...*, such that the rules for *; refer to *;, i < j, 
and the rules for *,, refer to *1. 

A promising system of modal logic from the present perspective was for- 
malised by Pfenning and Davies [9]. It is based on Martin-L6f’s account of 
judgements. They distinguish the judgment that a proposition is true from 
the judgement that a proposition is valid. | is interpreted as a hypothetical 
judgement. Validity is defined in terms of truth and hypothetical judgements, 
where - marks an empty collection of hypotheses and I are hypotheses of the 
form ‘B true’: (1) If: A true, then A valid; (2) If A valid, then TF A true. 

Their system has axioms for the two kinds of hypotheses and rules for 
implication and necessity. Formulas assumed to be valid are to the left of the 
semi-colon, those assumed to be true to its right: ? 


hyp ; hyp» 
A;T,A true,I’ + A true A, B valid, A’; + B true 
A;T, A true B true : A;[TF AD B true A;TE A true 2 
A;TF AD B true : A;TF B true = 
A;-- A true a A;TF OA true A, A valid; C true : 
A;TF OA true A;T FE C true 


Call this system JM. It is a fragment of intuitionist S4. A normalisation 
theorem can be proved for it. Its rules satisfy the Principle of Molecularity. 


2 Modal Logic with Validity 


In this section I reformulate, extend and generalise JM. The reformulation 
is three-fold. (1) I use a system of natural deduction not in sequent calculus 
style. (2) As any formula in JM is followed by either ‘valid’ or ‘true’, I drop 
the latter and simply write ‘A’. This has a philosophical point: it accords with 
an account of logical inference as relating propositions, not judgements. (3) I 


2 Prawitz proves a normalisation theorem for intuitionist S4 and S5 [10, Ch 6]. Other such 
systems of intuitionist S4 are formalised by Biermann and de Paiva [1] and von Plato [16]. 
Thus normalisation is not a sufficient condition for rules to define meaning. 

3 The restriction on I of clause (2) of the definition is not explained further. The point may 
well be to avoid circularity. It is effectively lifted in the axiom hyp*. 
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do not treat validity as a judgement either, but as a sentential operator. The 
generalisation consists in the observation that validity is a relation between 
the assumptions and the conclusion of a deduction. The extension consists in 
formulating rules of inference for a higher level operator F for this generalised 
notion of validity. The rules for 0 appeal to it. HM extends I by F and 0. 

Formulas of level 0 are those of I extended by 0. Formulas of level 1 are 
all formulas B,...B, + A, where B,...B,,A are formulas of level 0, for 0 <n. 
B,...By, | A can be derived if there is a deduction of A from B,...B,. Applying 
an elimination rule for F, this is what we should get back. We may not know 
how A was derived from B,...B,, but as we know that there is such a deduction, 
the inference of A from B,...B, is valid. | has the following rules: 


[Bi]®...[Bn]® : 7 
II Dy o1 =n 
A — By...By,b A By, a4 By 
VI: ~B,...B, FA V1...4n VE: A 


where B,...B,, 0 < n, are representatives of all the open assumption classes of 
II in any order (as the Bs must be of level 0, there are no open assumptions 
of level 1). Vacuous discharge is allowed: a representative to the left of / may 
belong to an empty assumption class of I; this corresponds to Thinning. 

VI and VE are generalisations of Pfenning’s and Davies’s definition of 
validity cast into rules of a system of natural deduction. Next we generalise 
the J- and E-rules for necessity. O is treated as a multi-grade constant which 
has one formula to its right and 0 to finite n formulas on its left. I abbreviate 
B,...By, by T and write [ + A instead of By...B, + A and [I]’ instead of 
[B,]"...[Bn]’". The rules for are: 


ry’ [r 


II 
yi i i E: rea a 
where in OJ, all open assumptions of level 0 of II are in I (any other open 
assumptions are of level 1 and have the form A+ B). Vacuous discharge is 
allowed. In OE, C is a 0-level formula. I propose to read O as relative necessity. 
It expresses that there is a necessary connection between the formulas in I and 
A, or necessarily, A given T.4 When I is empty, we get the usual unary 
necessity operator: it behaves as in intuitionist S4. 

Maximal formulas of the form + A are removed by the following reduction 
step: 


4 For a few more thoughts on this modal notion, see [7]. It should be noted that on this 
reading, T is necessary relative to everything, while everything is necessary relative to L: 
the notion of relative necessity proposed here is not a relevant relative necessity. 
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(B,]*...[Ba]é 7 = 
= 7 [Bi] -- [Bal 
a in ~ 
ee: aoe tae Bs B, Il 
a A 
= > 


The restrictions on VJ and OT require that all open formulas or all open 0- 
level formulas are discharged above their premises, and hence there can be no 
application of these rules in II below B,...B,, except where an assumption 
class [B]’ is empty. So the transformation cannot lead to any violations of 
restrictions on rules in I]. Any applications of those rules also remain correct 
in %, as the reduction procedure does not introduce new open assumptions into 
the deduction. For essentially the same reason, Prawitz’s reduction procedures 
for maximal formulas and segments continue to work for the constants HM 
shares with I. 

Removing maximal formulas [0A is slightly more original: 


> oy 

(ryé (rb Aj? ik IT] 
II A II 
Ae, -< iS) pk A 
TOA’ Coy = 
CG C 

S) S) 


¥ are the deductions of the formulas in. A maximal formula of type T0.A can 
only occur in the context on the left, unless [ + A is discharged vacuously by 
E, in which case its removal is trivial. The only thing one can do with TF A 
is to apply VE to it. Due to the restriction on C in OF and the formation rules 
for the language of HM, such a formula cannot be assumed and immediately 
discharged by a rule. Due to the restrictions on VI and OT, there can be no 
applications of these rules below the I's in II (unless in the case of vacuous 
discharge, which is trivial): hence concluding the I's with the deductions in © 
cannot lead to violations of rules in II. Due to the restrictions on VJ, there 
can be no application of that rule below A in =, as there is at least the open 
assumption [+ A that prevents such an application. If there is an application 
of OF in =, then all open assumptions of the deductions in © are of the form 
AF B, and hence they remain correct after the transformation. For similar 
reasons, applications of these rules in © also remain correct. 

All reduction steps reduce the complexity of the deduction: a maximal 
segment is shortened, a maximal formula of higher degree than those that may 
be introduced by the reduction procedure removed. A standard induction over 
the complexity of deductions establishes the normalisation theorem for HM. 
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3 Conclusion 


HM is a natural system of modal logic with higher order rules. It fulfils neces- 
sary conditions for a proof-theoretic account of the meaning of 0. Deductions 
normalise. Its rules are harmonious and satisfy the molecularity principle. The 
meaning of O is given in terms of the meaning of -, the meaning of which is 
given in terms of inferences in I. 

HM generalises JM in introducing a more general notion of validity and 
allowing validities to occur as conclusions of rules. But it remains close to JM, 
in that the restrictions on VJ and the rules for 0 are directly lifted from JM. 
A natural question is how the restrictions on VJ could be loosened to allow 
further ways of deriving [+ A. The restriction on VJ blocks a derivation of a 
version of cut: If (1) TF A and (2) A, AF C, then (3) T, AF C. It is possible 
to conclude A from (1) by assuming all formulas in I’, and then to conclude C 
from (2) by assuming all formulas in A, but the restriction on VJ prevents the 
conclusion of (3), as besides the 0-level formulas in T and A, the conclusion C 
depends on the undischarged first level formulas [+ A and A, AFC. 

Dosen proposes systems of higher order sequents for intuitionist and classi- 
cal S4 and S5 ((2], [3]), in which, he explains, 0A means ‘A is assumed as a 
theorem’. This sounds similar to Pfenning’s and Davies’s account of modality. 
Dosen’s system implements a stricter distinction of levels of formulas and rules 
than HM. To the left and right of Dosen’s turnstile of level 2, there must be 
formulas of level 1, not of level 1 or 0. Thus transposed into a system of natural 
deduction, Dosen’s rules for 0, which are of level 2, would require premises and 
conclusions of level 1. These rules are derivable using present the rules if VI 
may also be applied when all assumptions on which its premise depends are of 
level 1, i.e. of form At C. Furthermore, with the restriction on VI so loos- 
ened that amongst the assumptions on which its premise depends there may 
be formulas of level 1, the version of cut mentioned in the previous paragraph 
becomes derivable. Modifying HM is an avenue for further research. 
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Abstract 


We present a labelled sequent system and a nested sequent system for intuitionistic 
modal logics equipped with two relation symbols, one for the accessibility relation 
associated with the Kripke semantics for modal logics and one for the preorder relation 
associated with the Kripke semantics for intuitionistic logic. Both systems are in close 
correspondence with the bi-relational Kripke semantics for intuitionistic modal logic. 
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1 Introduction 


Structural proof theoretic accounts of modal logic can adopt the paradigm of 
labelled deduction, in the form of e.g. labelled sequent systems [12,7], or the one 
of unlabelled deduction, in the form of e.g. nested sequent systems [1,9]. 

These generalisations of the sequent framework, inspired by relational se- 
mantics, are needed to treat modalities uniformly. By extending the ordinary 
sequent structure with one extra element, either relational atoms between la- 
bels or nested bracketing, they encode respectively graphs or trees in the se- 
quents, giving them enough power to represent modalities. 

Similarly, proof systems have been designed for intuttionistic modal logic 
both as labelled [10] and as nested [11,4,3] sequent systems. Surprisingly, in 
nested and labelled sequents, extending the sequent structure with the same 
one extra element is enough to obtain sound and complete systems. 

This no longer matches the relational semantics of these logics, which re- 
quires to combine both the relation for intuitionistic propositional logic and the 
one for modal logic. More importantly, it leads to deductive systems that are 
not entirely satisfactory; they cannot as modularly capture axiomatic exten- 
sions (or equivalently, restricted semantical conditions) and, in particular, can 
only provide decision procedures for a handful of them [10]. 
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This lead us to develop a fully structured approach to intuitionistic modal 
proof theory capturing both the modal accessibility relation and the intuition- 
istic preorder relation. A fully labelled framework, described succintly in Sec- 
tion 3, has already allowed us to obtain modular systems for all intuitionis- 
tic Scott-Lemmon logics [6]. In an attempt to make this system amenable 
for proof-search and decision procedures, we have started investigated a fully 
nested framework, presented in Section 4. We would be particularly interested 
in a suitable system for logic IS4, whose decidability is not known; we discuss 
this direction in Section 5. 


2 Intuitionistic modal logic 


The language of intuitionisitic modal logic is the one of intuitionistic proposi- 
tional logic with the modal operators 0 and ©. Starting with a set A of atomic 
propositions, denoted a, modal formulas are constructed from the grammar: 


Az=a|Ll|(AAA)|(AVA)|(ADA4)| GA] OA 


The axiomatisation of intuitionistic modal logic IK [8,2] is obtained from intu- 
itionistic propositional logic by adding: 


¢ the necessitation rule: OA is a theorem if A is a theorem; and 


e the following five variants of the distributivity axiom: 


ky: O(AD B)D(GADOB) kg: O(AV B)D(CAVOB) ks: OLIL 
ko: D(AD B)D(OADOB) ka: (OADOB)DO(AD B) 
Definition 2.1 A bi-relational frame consists of a set of worlds W equipped 
with an accessibility relation R and a preorder < satisfying: 


(F,) For x,y,z € W, if eRy and y < z, there exists u s.t. 2 <u and uRz. 
(F2) For x,y,z € W, ifx < y and xRz, there exists u s.t. yRu and z < u. 


Definition 2.2 A 07-relational model is a bi-relational frame with a monotone 
valuation function V: W — 24. 


We write « lt a if a € V(x) and, by definition, it is never the case that 
az \F L. The relation Ik is extended to all formulas by induction, following the 
rules for both intuitionistic and modal Kripke models: 


tlk AAB iff zlk Aand alt B 

tlk AVB iff zlk Aorzlk B 

clk ADB iff for all y with x < y, if ylk A then y lk B 

zlk OA iff for all y and z witha <yand yRz,zlk A (1) 
LIF OA iff there exists a y such that xRy and y|F A 


Definition 2.3 A formula A is valid in a frame (W, R, <), if for all monotone 
valuations V and for all w € W, we have w IF A 


Theorem 2.4 ([2,8]) A formula A is a theorem of IK if and only if A is valid 
in every bi-relational frame. 
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"S22 Rod BLL SR 
B,L,u:A,c:B>R B,L>R,w:A B,L>R,«:B 
“BL@AABSR BL => R,u:ANB 
BLywA>R B,L,w:B>R B,L>R,x:A,x:B 
B,L,wAVBOR “BLSR,@AVB 
B,Lix<y,yA>R,y:B 
DL y fresh 


B,L>R,w:ADB 


Bu<yl=>R yA Bar<yLl,y:BS>R 
Bwur<yLl,v:ADB>R 


VL 


OR 


Be<y,yRz,lL,c:0A,2zA>R Bix <y,yRz,L>R,2:A 
O 


Bele cetAS ke Bos Red. oe 
B «Ry, L,y:A>R e B,xcRy,L>R,u:OA,y:A 
fresh 
B,L,20ASR ” *B,cRy,L > R,x:OA 
Bwr<a,lL>R Be<yy<z,47<2z,lL>R 
refl< ————_—_—_—————___ trans 
- B,L>R . Bia<yy<2z,L>R 
B,«Ry,y < 2,4 <u,uRz,lL>R 
1 u fresh 


B,xcRy,y<2z,lL>R 
B,xRy,«<z,y<u,zRu,lL>R 


Fo u fresh 


B,xRy,x<2z,lL>R 


Fig. 1. System lablK< 


3 Fully labelled sequent calculus 


Echoing the definition of bi-relational structures, we consider an extension of 
labelled deduction to the intuitionistic setting that uses two sorts of relational 
atoms, one for the modal accessibility relation R and another one for the intu- 
itionistic preorder relation < (similarly to [5] for epistemic logic). 


Definition 3.1 A two-sided intuitionistic fully labelled sequent is of the form 
B,L => R where B denotes a set of relational atoms «Ry and preorder atoms 
x<y, and £ and R are multi-sets of labelled formulas «:A (for « and y taken 
from a countable set of labels and A an intuitionistic modal formula). 


We obtain a proof system lablIK<, displayed on Figure 1, for intuitionistic 
modal logic in this formalism. Most rules are similar to the ones of Simp- 
son [10], but some are more explicitly in correspondence with the semantics by 
using the preorder atoms. For instance, the rules introducing the O-connective 
correspond to (1). Furthermore, our system must incorporate the conditions 
(fF) and (F2) into the deductive rules F; and Fo, and rules refl< and trans< are 
necessary to ensure that the preorder atoms behave as a preorder on labels. 
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Fig. 2. System nlK< 


Theorem 3.2 For any formula A, the following are equivalent. 
(i) A is a theorem of IK 


‘ F : By L>R,2C Bo L,2C>R 
(ii) A is provable in lablK< + cut with cu — : 


By, B2,L >R 


(iii) A is provable in lablK< 


The proof is a careful adaptation of standard techniques (see [6] for details). 


4 Fully nested sequent calculus 


In standard nested sequent notation, brackets [-] are used to indicate the parent- 
child relation in the modal accessibility tree. (-)® and (-)° annotations are used 
to indicate that the formulas would occur on the left-hand-side or right-hand- 
side of a sequent, respectively, in the absence of the sequent arrow. 

To make it fully structured again, we enhance the structure with a second 
type of bracketting [-] to encode the preorder relation. 


Definition 4.1 A two-sided intuitionistic fully nested sequent is constructed 
from the grammar: [T ::= @ | A*,T | A°,T | [P] | (P] 


The obtained nested sequent calculus nlK< is displayed in Figure 2. The 
idea is similar to the fully labelled calculus but the shift of paradigm allowed 
us to make different design choices. In particular, the underlying tree-structure 
prevents us to express the rule F2, but its absence is offset by the monotonicity 
rules mon, and monr, which were admissible in lablK<. Another benefit of this 
addition is that rules refl< and trans< do not need any equivalent here. 


5 Extensions: example of transitivity 


As mentioned in the introduction, one of our motivation is to investigate de- 
cision procedure for axiomatic extensions of IK, for instance IS4, intuitionistic 
logic of reflexive transitive frames. We will therefore illustrate our approach 
taking transitivity as a test-case. 
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The frame condition of transitivity (V~yz. «Ry \ yRz > aRz) can be ax- 
iomatised by adding to IK the conjunction of the two versions of the 4-axiom: 


445: OAD A 45: OCOADOA 


which are equivalent in classical modal logic. However, in intuitionistic modal 
logic they are not and they can be added to IK independently. From [8] we know 
they are in correspondence respectively with the following frame conditions: 


Vayz.((eRyAyRz)du.(a < uAuRz)) Veyz.((cRyAyRz)Ddu.(z < uArRu)) (2) 


Following Simpson [10] we could extend our basic sequent system for IK to 
IK4 = IK + (45 A 40) with the rule 


B,wRv,vRu,wRu,L>R 
B,wRv,vRu,L>R 


transr 


Incorporating the preorder symbol into the syntax too, allowed us however 
to translate the conditions in (2) into separate inference rules for 45 and 40: 
B,«Ry,yRz,uRz,2<u,lL>R B,«Ry,yRz,cRu,z<u,lL>R 


Oo u fresh 40 u fresh 


B,xRy,yRz,L>R B,«Ry,yRz,L>R 


These extensions for lablK< are sound and complete; more generally, Theo- 
rem 3.2 can be extended to the class of intuitionisitc Scott-Lemmon logics [6]. 
Similar results for the fully nested sequent system are subject of ongoing 
study. Previous nested systems for intuitionistic modal logics [11,4] can be 
extended from IK to IK4 by simply adding the following rules: 
TP, {OA®, [OA*, P2]} Pi {OA®, [OA®, Po]} 


Oba R4 


Pi{GA®, ['2]} Pi{oA?, [Po]} 


These rules are logical rather than structural as their labelled counterpart, 
making them usually more suitable for proof search procedures. 
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Abstract 


The discussion about how to put together Gentzen’s systems for classical and intuitionistic logic 
in a single unified system is back in fashion. Indeed, recently Prawitz and others have been 
discussing the so called Ecumenical Systems, where connectives from these logics can co-exist 
in peace. In Prawitz’ system, the classical logician and the intuitionistic logician would share 
the universal quantifier, conjunction, negation, and the constant for the absurd, but they would 
each have their own existential quantifier, disjunction, and implication, with different meanings. 
Prawitz’ main idea is that these different meanings are given by a semantical framework that 
can be accepted by both parties. In a recent work, Ecumenical sequent calculi and a nested 
system were presented, and some very interesting proof theoretical properties of the systems 
were established. In this work we extend Prawitz’ Ecumenical idea to alethic K-modalities. 


Keywords: Ecumenical systems, modalities, labeled systems, Kripke semantics. 


1 Introduction 


In [3] Dag Prawitz proposed a natural deduction system for what was later called 
Ecumenical logic (EL), where classical and intuitionistic logic could coexist in peace. 
In this system, the classical logician and the intuitionistic logician would share the 
universal quantifier, conjunction, negation, and the constant for the absurd (the neutral 
connectives), but they would each have their own existential quantifier, disjunction, 
and implication, with different meanings. Prawitz’ main idea is that these different 
meanings are given by a semantical framework that can be accepted by both parties. 


' This work was partially financed by CNPq and CAPES/Brazil - Finance Code 001. 
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INITIAL AND STRUCTURAL RULES 
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AABYT>C TrS>AAB AV;B,T>C “ TSA,VjAr *? 
ATRL B=), P7A,7B > 1 A>,BT>A BY Se... 
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AS paca 2. Spee PES eee. 
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Aly/x],¥x.A,T => C T= Aly/x] os 
Vx.A,T>C T>Vx.A 
Al[y/x],T > C T = Ab /x] Al[y/x],T > 1 T,Vx.7A > 1 
4,x.A,T > C ade Ss qjx.A ah 4.x.ATS 1 ah TS 4x.A AR 


Fig. 1. Ecumenical sequent system LEci. In rules VR, 4;L, 4.L, the eigenvariable y is fresh. 


While proof-theoretical aspects were also considered, his work was more focused 
on investigating the philosophical significance of the fact that classical logic can be 
translated into intuitionistic logic. 

In this work, we propose an extension of EL with the alethic modalities of necessity 
and possibility. There are many choices to be made and many relevant questions to be 
asked, e.g.: what is the ecumenical interpretation of Ecumenical modalities? Should 
we add classical, intuitionistic, or neutral versions for modal connectives? What is 
really behind the difference between the classical and intuitionistic notions of truth? 

We propose an answer for these questions in the light of Simpson’s meta-logical 
interpretation of modalities [4] by embedding the expected semantical behavior of the 
modal operator into the Ecumenical first-order logic. 


2 Thesystem LEci 


The language £ used for Ecumenical systems is described as follows. We will use a 
subscript c for the classical meaning and i for the intuitionistic, dropping such subscripts 
when formulae/connectives can have either meaning. 

Classical and intuitionistic n-ary predicate symbols (P,, P;,...) co-exist in £ but 
have different meanings. The neutral logical connectives {L, =, A, ¥} are common for 
classical and intuitionistic fragments, while {—;, V;, d;} and {—,, V., 4} are restricted 
to intuitionistic and classical interpretations, respectively. 

The sequent system LEci (Fig. 1) was presented in [2] as the sequent counterpart 
of Prawitz natural deduction system. Observe that the rules R, and L, describe the 
intended meaning of a classical predicate P, from an intuitionistic predicate P;. 

The following are easily provable in LEci: 
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(i) FLeci (A Ve B) 3; “(GA AB); 
Gi) FLEc (A >, B) 3; 7(A A AB); 
Gi eG AetsOeaw: 
(iV) He Vx.A 3; 7dex.7A but Keg 7A-x.7A —; Vx.A in general. 


Theorems (i) to (iii) are of interest since they relate the classical and the neutral 
operators: the classical connectives can be defined using negation, conjunction, and 
the universal quantifier. Observe that (iii) and (iv) reveal the asymmetry between 
definability of quantifiers: while the classical existential can be defined from the 
universal quantification, the other way around is not true, in general. 


3 Ecumenical modalities 


The language of (propositional, normal) modal formulas consists of a denumerable set 
Ff of propositional symbols and a set of propositional connectives enhanced with the 
unary modal operators 0 and concerning necessity and possibility, respectively [1]. 

We will follow the approach in [4], where a modal logic is characterized by the 
respective interpretation of the modal model in the meta-theory (called meta-logical 
characterization). 

Formally, given a variable x, we recall the standard translation [-],, from modal 
formulas into first-order formulas with at most one free variable x: for any P € P, a 
unary predicate symbol P is associated to it and [P], := P(x); [1], := 1; for any binary 
connective x, [A * B], := [A], * [B],; for the modal connectives 


[OA], := Vy(R(x,y) > [Aly) [OA], :=  Ay(R@,y) A [Aly) 


where R(x, y) is a binary predicate. 
The object modal logic ML is then interpreted in the first-order meta logic FOL as 


FML A iff FFOL Vx.[A], 


Hence, if FOL is classical, the former definition characterizes the classical modal logic 

K [1], while if it is intuitionistic, it characterizes the intuitionistic modal logic IK [4]. 
In this work, we will adopt first-order EL as the meta-theory (given by the system 

LEci), hence characterizing what we will defined as the ecumenical modal logic EK. 


3.1 An Ecumenical view of modalities 


The language of Ecumenical modal formulas consists of a denumerable set P of (Ecu- 
menical) propositional symbols and the set of Ecumenical connectives enhanced with 
unary Ecumenical modal operators. There is no canonical definition of constructive 
or intuitionistic modal logics. Here we will mostly follow the approach in [4] for 
justifying our choices for the Ecumenical interpretation for possibility and necessity. 

The ecumenical translation [-]¢ from propositional ecumenical formulas into LEci is 
defined in the same way as the modal translation [-], in the last section. For the case of 
modal connectives, our proposal is that the box modality is a neutral connective, while 
the diamond has two possible interpretations: classical and intuitionistic, as its leading 
connective is an existential quantifier. Hence we should consider the ecumenical 
modalities: 0, >;, ,, determined by the translations 
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Fig. 2. Ecumenical modal system labEK. In rules OR, O;L, >.L, the eigenvariable y is fresh. 


[DA :=  Vy(R(x,y) 7 [AT 
[OiAle :=  Fy(ROxy) ATAIS) 
[OcA}e :=  Ay(R(x.y) A (AI) 


Observe that, due to equivalence (iii), we have ©.A ©; =0—7A. We will denote by EK 
the Ecumenical modal logic meta-logically characterized by LEci via [-]¢. 


4 A labeled system for EK 


One of the advantages of having an Ecumenical framework is that some well known 
classical/intuitionistic systems arise as fragments [2]. In the following, we will seek 
such systems by proposing a labeled sequent system for Ecumenical modalities. 

The basic idea behind labeled proof systems for modal logic is to internalize 
elements of the associated Kripke semantics (namely, the worlds of a Kripke structure 
and the accessibility relation between them) into the syntax. Labeled sequents have the 
form [+ z: C, where I is a multiset containing labeled formulas of the form x : A and 
relational atoms of the form xRy, where x, y range over a set of variables and A is a 
modal formula. 

Following [4], the meta-logical soundness and completeness theorems are proved 
via a translation between rule applications in labEK and derivations in LEci. 


Theorem 4.1 Let I be a multiset of labeled modal formulas and denote [T] = {R(x, y) | 
xRy €T}U {[B]. | x: BET}. The following are equivalent: 
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I, T+ x: A is provable in labEK. 
2. [[] = [A]§ is provable in LEci. 


Finally, observe that, when restricted to the intuitionistic and neutral operators, 
labEK matches exactly Simpson’s sequent system Luo [4]. 


5 Discussion and conclusion 


This is a short version of the text available at https: //arxiv.org/abs/2005.14325. 
There, the interested reader may find: all the proofs; an axiomatic and semantical 
interpretation of Ecumenical modalities; an extension of the discussion to relational 
systems with the usual restrictions on the relation in the Kripke model; and a discussion 
about logical Ecumenism in general. 

We end the present text by noting that there is an obvious connection between the 
Ecumenical approach and Gédel-Gentzen’s double-negation translations of classical 
logic into intuitionistic logic. This could lead to the erroneous conclusion that the 
ecumenical refinement of classical logic is essentially the same refinement produced by 
such translation. But, on a closer inspection, the ecumenical approach is not essentially 
Gédel-Gentzen translation: 


(i) Classical mathematical practice does not require that every occurrence of V in 
real mathematical proofs be replaced by its Gédel-Gentzen translation: there is no 
reason to translate the occurrence of V in the theorem (A — (A V B)). Given that 
the Gédel-Gentzen translation function systematically and globally eliminates 
every occurrence of V and J from the language of classical logic, one may say 
that the ecumenical system reflects more faithfully the “local” necessary uses of 
classical reasoning. 


(ii) The Gédel-Gentzen constructive refinement is based on a (systematic and total) 
translation function between the language of classical logic and the language 
of intuitionistic logic, while the ecumenical refinement considers how classical 
theorems are proved. 


That is, the ecumenical refinement “interpolates” the Gddel-Gentzen-translation func- 
tion. And this is extended, in our work, to reasoning with modalities. 
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Abstract 


We prove completeness of preferential conditional logic with respect to convexity over 
finite sets of points in the Euclidean plane. A conditional is defined to be true in a 
finite set of points if all extreme points of the set interpreting the antecedent satisfy 
the consequent. Equivalently, a conditional is true if the antecedent is contained in 
the convex hull of the points that satisfy both the antecedent and consequent. Our 
result is then that every consistent formula without nested conditionals is satisfiable 
in a model based on a finite set of points in the plane. The proof relies on a result 
by Richter and Rogers showing that every 

finite abstract convex geometry can be represented by convex polygons in the plane. 


Keywords: conditional logic, convex geometry, nonmonotonic consequence relations. 


1 Introduction 


Preferential conditional logic was introduced by Burgess [3] and Veltman [17] 
to axiomatize the validities of the conditional with respect to a semantics in 
models based on preorder. In this semantics a conditional y ~ w is true with 
respect to a preorder over a finite set of worlds if the consequent wv is true at all 
worlds that are minimal in the order among the worlds at which the antecedent 
y is true. Both Burgess and Veltman observe that completeness already holds 
for partial orders instead of just preorders. 

Preferential conditional logic has also been shown to be complete with re- 
spect to semantic interpretations that are quite different from the semantics 
in terms of partial orders. Most notable are the interpretation of validity of 
inferences between conditionals as preservation of high conditional probability 
[1,5] and premise semantics, where the conditional is interpreted relative to a 
premise set. A premise set is a family of sets of worlds, thought of as proposi- 
tions that encode relevant background information from the linguistic context 
[16,9]. In the paper summarized here [10] we provide yet another interpretation 
to preferential conditional logic. We show that it is complete with respect to 
convexity over finite sets of points in the Euclidean plane. This places condi- 
tional logic into the tradition of modal logics with a natural spatial semantics, 
most famous of which is the completeness of 54 with respect to the topology 
of the real line [13]. 
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Fig. 1. A finite set of points in the plane and examples of conditionals that are true 
or false relative to this set of points. 


2 Evaluating the conditional in the plane 


To illustrate our semantics consider the finite set of points in Figure 1. Think 
of these points as satisfying propositional letters as indicated in their label. For 
instance the point pgr in the upper right corner satisfies g and r but not p. 
Our semantics is such that a conditional y ~ w is true relative to such a set 
of points if the set of points at which y is true is completely contained in the 
convex hull of the set of points at which both y and w are true. Recall that a 
convex set is a set that for any two points in the set also contains the complete 
line segment between these points. Intuitively, these are the sets without holes 
or dents. The convex hull of a set is the least convex set that contains the set. 
In Figure 1 the conditional (pV q) ~ r is true because all points at which pV q 
is true are contained in the convex hull of the the points where p V q and r 
are both true, which is the shaded area in the figure. The conditional p ~~ r 
is however not true in the example because the point pq7 satisfies p but it not 
contained in the convex hull of the points pgr and pgr, which are all the points 
that satisfy p and q. 

An equivalent formulation of our semantic clause is that a conditional y ~ w 
is true if the consequent w is true at all the extreme points of the set of points 
where the antecedent y is true. An extreme point of some set is a point in 
the set that is not in the convex hull of all the other points from the set. 
Intuitively, the extreme points of some set are the outermost points of that set. 
In the example from Figure 1 we have that pqr, Dar and pgr are the extreme 
points of the shaded area. On the other hand pq7 is not an extreme point of 
the shaded area because it is in the convex hull of the points pgr, pqr and pqr. 
Note that in this formulation of the semantic clause for a conditional yp ~~ w 
the extreme points of the set of points satisfying the antecedent vy play a role 
that is analogous to the minimal y-worlds in the order semantics. 

Our semantics is only defined for formulas that do not contain nested condi- 
tionals and in which all propositional letters occur in the scope of a conditional. 
It is possible to overcome this restriction but this would not significantly influ- 
ence the axiomatic questions that this paper is concerned with. 
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The main completeness result of our paper can be formulated as follows: 
All finite constellation of points in the plane of the kind shown in Figure 1 
satisfy all the theorems in preferential conditional logic and every formula that 
is not a theorem of the logic is false in some such constellation. 


3 The proof of completeness 
The completeness proof for the semantics in the plane consists of two steps: 


(i) We first observe that preferential conditional logic is complete for a se- 
mantic in models based on finite abstract convex geometries. 


(ii) We then show that every finite abstract convex geometry can be repre- 
sented by a finite set of points in the plane in such a way that all true 
formulas of conditional logic are preserved. 


From these two steps we obtain our completeness result because by the first 
step every consistent formula vy is true in some finite model based on abstract 
convex geometries and by the second step this model can be transformed into 
a concrete model of y that is based on a finite set of points in the plane. We 
now describe these two steps in greater detail. 


3.1 Abstract convex geometries 


In the first step we make use of the notion of a convex geometry [4,8,2]. For- 
mally, convex geometries are families of sets that are closed under arbitrary 
intersections and have the anti-exchange property, which is a separation prop- 
erty that is reminiscent of the Tp separation property in topology. Convex 
geometries are a combinatorial abstraction of the notion of a convex set in Eu- 
clidean spaces, such as the Euclidean plane. This is somewhat analogous to how 
topological spaces are an abstraction from the notions of open and closed sets in 
Euclidean spaces. The convex sets in any subspace of an Euclidean space form 
a convex geometry. But it is not the case that every abstract convex geometry, 
or even every finite abstract convex geometry, is isomorphic to a subspace of 
some Euclidean space. An easy way to see this is that in any Euclidean space 
all singleton sets are convex, which is not enforced by the definition of a convex 
geometry. 

One can view the semantics in convex geometries as a generalization of the 
order semantics over partial orders. The family of upwards closed sets in any 
partial order form a convex geometry. Moreover, a conditional is true relative 
to a given partial order if and only if it is also true in the convex geometry of 
all upwards closed sets in the order. 

The semantics in abstract convex geometries can also be seen as a further 
development of premise semantics. The convex sets in our semantics play the 
role of the complements of the sets of worlds in the premise set of premise 
semantics. There is, however, a crucial difference in the semantic clause with 
which a conditional is interpreted in a family of sets of worlds. Motivated by 
linguistic considerations premise semantics uses a quite sophisticated semantic 
clause that is insensitive to closing the family of sets under intersections. In 
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[14,6] it is observed that for developing proof systems for preferential condi- 
tional logic it is beneficial to lift the implicit assumption that family of sets of 
worlds, relative to which the conditional is evaluated, is closed under intersec- 
tions. To achieve this they use a simplified semantic clause from [11] that is 
sensitive to closure under intersections. When one uses the conditional with 
this semantic clause relative to a family of sets of worlds that is not closed 
under intersection different formulas turn out to be true than would be true 
relative to the same family of sets of worlds using the semantic clause from 
premise semantics. Thus, it is helpful to distinguish this new setting from 
premise semantics and call it neighborhood semantics. 

This neighborhood semantics is also the starting point for the categorical 
correspondence in [12]. This paper establishes a correspondence between finite 
Boolean algebras with additional structure that encodes non-nested preferential 
conditional logic and families of subsets of the atoms of these algebras. To 
obtain a well-behaved correspondence it is necessary to allow for families of sets 
that are not closed under intersections. However, one can require closure under 
unions and a separation property that is dual to the anti-exchange property 
mentioned above. If one then considers the complements of all the sets in a 
such a family of sets then one obtains a family that is a convex geometry. 


3.2. Representation of convex geometries in the plane 


The second step of proof is to show that for every abstract convexity there is a 
finite subspace of the plane that satisfies the same formulas in conditional logic. 
This step is not trivial because, as we already explained above, not every finite 
convex geometry is isomorphic to a subspace of some Euclidean space. However, 
following [7], there has recently been a lot of literature on representing finite 
convex geometries inside of Euclidean spaces using more complex constructions 
than just selecting a subspace. For the proof of completeness we make use of 
one such representation result by [15]. Their construction shows that every 
finite convex geometry is isomorphic to the convexity over a set of polygons in 
the plane, such that every point in the original convex geometry corresponds 
to a whole polygon in this set. This representation is such that the extreme 
points of any two polygons in the set of polygons are disjoint. One can thus 
define a function that maps an extreme point of some polygon in the set to the 
point in the original convex geometry that the polygon is representing. The 
domain of this function can be considered to be the finite subspace of the plane 
consisting of all the points that are an extreme point of one of the polygons. 
The crucial insight is then that this function is a strong morphism of convex 
geometries in a sense defined in [12], which guarantees the preservation of true 
formulas in conditional logic. 


4 Limitative results and open questions 


The completeness result for finite sets of points in the plane cannot be improved 
to a completeness result with respect to finite set of points on the real line. The 
reason is that the line validates additional formulas that are not theorems of 
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preferential conditional logic. As an example consider the formula 
d2=(pVqVr~s)> (pVa~s)V(pVr~s)V(qVr~ 8). 


To get an intuition for why 42 is valid in every finite set of points on the line 
consider the extreme points of the set of all points satisfying pVqVr. There are 
at most two such extreme points, namely the maximal and minimal elements 
of this set in the standard order on the reals. Now these two worlds are also the 
extreme points of at least one of the sets interpreting pV q, pVr and qV r. This 
example rises the question what axioms are necessary to obtain completeness 
for the conditional logic of the real line. 

A further open question is whether it is possible to prove completeness of 
preferential conditional logic with respect to infinite sets of points in the plane. 
The semantic clause taken from neighborhood semantics can also be used on 
infinite convex geometries, but most of the methods used in our completeness 
proof apply only to the finite case. 
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Abstract 


While attempting to prove that the logic ILWR is modally complete, we found a new 
series of interpretability principles. In this short paper we sketch the proofs that the 
series is arithmetically sound, show that principles are valid in ordinary ILWR-frames, 
and evaluate the possible impact of our results. 
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1 Introduction 


Interpretability logics are propositional modal logics extending provability log- 
ics with a binary modality > denoting formal interpretability over some base 
theory T. We shall mostly be interested in so-called sequential theories. These 
theories can code pairs of objects and as such the natural numbers can natu- 
rally be embedded in them together with coding machinery for syntax so that 
indeed the notion of interpretability can be formalised. Then, for some sequen- 
tial base theory T’,, the expression A> B will stand for “T’ together with some 
arithmetical reading of B is interpretable in T together with the arithmetical 
reading of A”. 
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The language of interpretability logics extends the basic (mono)modal lan- 
guage with formulas of form A> B: 


A n= L|Var|A>A|DA|ACGA 


where Var generates a countable set of propositional variables. Since usually 
we take the logic IL as our base logic, and IL 07A © Ab L, we can choose 
to leave the symbol 0 out of the language. 

We adopt a reading convention due to Dick de Jongh that allows us to write 
fewer brackets. The precedence is such that the strongest binding symbols are 
a, GO and © which all bind equally strong. Next come A and V, followed by 
> and the weakest connectives are > and © . Thus, for example, A> B > 
AAQC > BAQC will be short for (A> B) > ((AADC) > (BAXDC)). 

Given a sequential theory T’, the logic IL(T) is the set of modal formulas 
whose so-called arithmetical interpretations are provable in T. An arithmetical 
formula is an arithmetical interpretation of A if it is obtained from A by sub- 
stituting propositional variables with sentences, and the operator > with the 
interpretability predicate. There are multiple plausible choices for the notion 
of an interpretability predicate. Unless stated otherwise, we are talking about 
theorems interpretability: Int(A, B) stands for “there is a translation function 
* such that for all C, ifT+BtC then T+AtC*”. Here * is any translation, 
a function that preserves structure up to quantifier relativisation (see e.g. [8] 
for details). 

Next we turn to relational semantics. The results in this paper rely on 
the (ordinary or regular) Veltman semantics. The future work, and indeed the 
motivation for this paper, is centred around the notion of generalised Veltman 
semantics. So let us define both the regular and generalised Veltman semantics. 


Definition 1.1 A generalised Veltman frame § is a structure (W, R, {Sy sw € 
W}), where W is a non-empty set, R is a transitive and converse well-founded 
binary relation on W and for all w € W we have: 

a) Sw S Riw] x (P(Rlw)) \ {0}); 

b) S., is quasi-reflexive: wRu implies uS,,{u}; 

c) Sw is quasi-transitive: if uS,,V and vS,,Z, for all v € V, then 

US (Uvev Zz); 
d) if wRuRv, then uS,{v}; 
e) monotonicity: if uS.,V and V C Z C Rw], then uS,,Z. 


A generalised Veltman model is a quadruple IN = (W, R, {Sy :w €e W},V), 
where the first three components form a generalised Veltman frame and where 
V is a valuation mapping propositional variables to subsets of W. The forcing 
relation IN, w lt A is defined in the expected way together with the following: 


wi ADB :e=> Vu (wRu & ul A= 3V(uSV & VIF B)). 
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We write V lt B as short for (VvEV) vlF B. 

To save some space, we define regular Veltman semantics by stipulating 
that a generalised model is an ordinary model if whenever uS,V, the set V is 
a singleton (i.e. V = {v} for some v), and we exclude monotonicity. 

By an ILX-frame we mean (a regular, if not stated otherwise) frame such 
that no theorem of ILX can be refuted using this frame. We say that a logic 
is complete w.r.t. (generalised) Veltman semantics if for any non-theorem A 
there is a (generalised) Veltman model satisfying A in one of its worlds. 

In [7] the logic known as ILR (IL + A> B > =(AD7=C)b> BADC) was proven 
to be modally complete (w.r.t. generalised semantics); and another, known as 
ILW (IL + A> B > A> BAT@WA), was known to be modally complete much 
earlier [1]. Problems occurred while trying to prove that the combination of 
these two logics, ILWR, is modally complete (see [2] for the statement of the 
problem and a discussion on how to overcome the problem). At the moment 
we believe ILWR is modally complete if it can prove principles contained in a 
certain (“W-flavoured”) series of principles. In this short paper we will only 
define this series and prove that the principles contained are arithmetically 
valid. We do not yet know e.g. if they are independent from other known 
principles. 

A major open problem in the field is to characterise IL(AIl), the intersection 
of interpretability logics of all sequential theories T. The search for IL(All) 
benefited from exploring modal semantics, in this case the so-called Veltman 
semantics (e.g. [3]). This is our motivation too. For definitions and other 
details concerning formalised interpretability please see the literature, e.g. [8]. 

The semi-formal modal logic CuL was introduced in [6]. The system is based 
on a richer modal language than the language of interpretability logics: modal 
operators are allowed to have a variable in their superscript. The intended 
arithmetical interpretation of this variable is a definable cut. In case the cut in 
question is the identity cut, we will just omit it. Various principles in TL(All) 
allow for an arithmetical soundness proof using CuL. (See [6], [4], and the forth- 
coming [5].) Due to size constraints, we will display some essential ingredients 
of the system without further comments referring the diligent reader to [6]: 


(3) ofASOA 

Li Fol(A> B)- (oA 0B) 
ib bolAsolDuA 

te T(ovA3 A)oOlA 

Ji -o(A>+B)>AbDB 


M2 T,(AAD’C > BAg’C)EDSI,AP BED 
Here J is a variable not occuring inT, A, B,D and J 4 JJ’ 


Of course we also use regular principles like Jo: (A> B)A(BEOC)> ABC, 
J3: (AB C)A(BEC)SO AV Be Cand Ja: A> BO (OA OB). 
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2 A W-flavoured series of principles 


We define the series of principles (Wn)new by stating Wo := W = Ap B > 
At BACO-AA and for n > 0: 


Un = OCp_1V °° VOC}; 

Vi :=A; 
forn>1: Vy :=7(Ch-1b CAV By1 V Un—1 9 Vn-1 & Br-1); 
forn>0O: W,r:=AEDOCAV Br V Una Vn tb Bn- 


Thus, the first few principles are (Wo actually being equivalent to W;): 


W, :ADOAVB, > AbD Bj; 
W2 :Ab OAV Bo VOC; > 7A(C, bP OAV By > AD By) > Bo; 
W; :ABb OAV B3 V O02 VOC; > 

> A(C2 > OAV Bo VOC) > A(C1 b OAV By > AD Bi) > Bo) > Bs. 


We omit the proofs of the following two lemmas. 


Lemma 2.1 Let n € w\ {0}. Suppose O(A > Vj e;e,_1 OX ACi) and Crib 
OAV Bn-1V Un—1. Then for some cut J the following holds: 


Cr-1 \ \ JC; > Bn-1 


1<i<n—2 


Lemma 2.2 For all cut variables K and all n € w \ {0}, 


KV, DAA \ K_O,. 


1<i<n-1 


Proposition 2.3 For alln € w \ {0}, F Wn, i.e. 
fF AB OAV B,V Un Vn & Bn 


Proof Suppose A> OAV B, V Un. Applying the principle W, A> By, V Un. 
Then there is a cut K such that 


AN J O*=C;>(BaVUn)A [\ OnGi. 


1<i<n-1 1<i<n-1 


By unpacking U,, we see that 


AN \ KC, > By A \ AC;. 


1<i<n-1 1<i<n-1 


In particular, 
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Lemma 2.2 implies 


Applying J2 gives V,, > B,,, as required. 
Theorem 2.4 For n € w, the principle W,, is valid in ILWR-frames. 
Proof Omitted. 


3 


V, b> AA \ K_C,. 


1<i<n-1 


Conclusion, status and future work 


Let us briefly comment on the status of the new series. At the moment we 
don’t have answers to the following three questions: (1) Is {Wn}new valid on 
generalised ILWR-frames?; (2) do we have ILWR | W,, for all n € w?; (3) do 
we have ILW{R,R™}k mew Ik Wy, for all n € w? 


If (1), we have (unpublished) modal completeness of IL{Wnh}new w.r-t. gen- 


eralised semantics. This is a strictly stronger system than ILW and ILR, and 
so would be the strongest system yet for which we have modal completeness. 
If (1) and (2), then ILWR = ILW,, and so we also have completeness of ILWR 
w.r.t. generalised semantics. 

If (1) and not (2) are the case, in addition we have incompleteness of ILWR. 


If (1) is not the case, then {Wn} new is independent of ILWR. If (1) is 


not the case and (3) is the case, with additional work we might still be able 
to prove completeness of IL{W,}new w-r.t. generalised semantics. If nei- 
ther (1) or (3), we have a (strictly) better lower bound of IL(All): the logic 
IL{W,RKR™ }km.new: 
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Abstract 


In this extended abstract we study Beklemishev’s combinatorial principle Every 
Worm Dies, EWD from [2]. This principle arises from considering a sequence of 
modal formulas, the finiteness of which is not provable in Peano Arithmetic, being 
equivalent to the one-consistency of PA. We show that this theorem can be gen- 
eralised in a straight-forward fashion to natural fragments of PA. Furthermore, we 
comment on our progress to extending the framework to fragments of second order 
arithmetic, most notably ACA. 


Keywords: Provability logics, independence results, ordinal analysis. 


1 Preliminaries 


The polymodal provability logic GLP has turned out a versatile logic since 
special elements —the so-called worms— in there can be interpreted in many 
ways: elements of a logic, words over an infinite alphabet, special fragments 
of arithmetic, Turing progressions, worlds in a special model for the closed 
fragment of GLP, and also ordinals. Due to these many interpretations of 
worms, Beklemishev could give ([1]) an ordinal analysis of PA and related 
systems. As a consequence, he could formulate a combinatorial principle about 
worms that is true yet independent of PA. 

In the recent paper [3], Beklemishev and Pakhomovy extend the method 
of ordinal analysis via provability logics to predicative systems of second or- 
der arithmetic. It is important to investigate if said analysis also comes with 
the expected regular side-products as classification of provably total recursive 
functions, consistency proofs, and independent combinatorial principles. This 
paper can be seen as some first explorations in this direction. 
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Definition 1.1 For A an ordinal, the logic GLP, is the propositional modal 
logic with a modality [a] for every a < A. Each [a] modality satisfies the GL 
identities given by all tautologies, distribution axioms [a](y > w) > ([a]ly > 
[a]¢), L6b’s axiom scheme [a]([a]y — vy) > [a]y and the rules modus ponens 
and necesitation y/[a]y. The interaction between modalities is governed by two 
schemes, monotonicity [6]y — [a]y and, negative introspection (6)y > [a](B)~ 
where in both schemes it is required that 8B <a< A. 


The closed fragment of GLP, suffices for ordinal analyses and worms are 
the backbone of it. 


Definition 1.2 The class of worms of GLP, is denoted W* and defined by 
Tews and, AceWA A a<A => (a) ACW. By WA we denote the set of worms 
where all occurring modalities are at least a. Worms A, BEW* allow order- 
ings <q for any a<A by defining A<,B := GLP,l+B-(a)A. We define 
the a-head ha of A inductively: ha(T):=T and ha((B)A):=T if B<a and 
ha((B)A):=(8)ha(A) otherwise. Likewise, we define the a-remainder rq of A 
as To(T):=T and, ra((8)A):=(B)A if B<a and re((8)A):=ra(A) otherwise. 
We define the head h and remainder r of (a) A as h((a)A):=ha((a)A) and 
r((a) A):=re((a) A). Further, h(T):=r(T):=T. 


The modalities can be linked to arithmetic by interpreting (n)y as the 
finitely axiomatisable scheme RFNy, (EA+y*) := {Onayy+9 7 o | o € Ey} 
where EA denotes Kalmar elementary arithmetic which is essentially induction 
for bounded arithmetical formulas together with an axiom stating that the 
graph of exponentiation defines a total function. The Og, —we will often simply 
also write O— denotes the standard arithmetisation of formalised provability 
and y* denotes an interpretation of y in arithmetic, mapping propositional 
variables to sentences, commuting with the connectives and, translating the 
(n) as above. The theory EA* is as EA now stating that superexponentiation 
is a total function. Simple worms relate to arithmetic via the following. 


Theorem 1.3 (Leivant, Beklemishev, Kreisel, Levy) Provably in 
EAt, for n>1 and * arbitrary: ID,=RFNs, (EA)=((n + 1)T)* and 
PA={((m)T)*|mew}. 

From [1] we know that (W%/=, <,) = (€0, <) so that worms (modulo prov- 
able equivalence) can be used to denote ordinals. We can find analogs of fun- 
damental sequences for ordinals by defining Q° (A):=(n) A; QRt1(A):=(n)(AA 
Q*(A)). By an easy induction on k one sees that Q*(A)< (n+ 1)A for any 
m<n and the sequence Q*(A) approximates (n + 1)A in the sense of the so- 
called reduction property from® [1]: EA +(n+1)A =r, BA + {Q*(A)}kew- 
This is provable in EAT so that we get the following corollary. 


Theorem 1.4 (Reduction property) EATH(m)(n+1) AGVk(m)Q* (A) 
(m<n). 


3 Since for closed formulas y* does not depend on * we will often drop the interpretation. 
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The sequence Q*(A) can be used to define decreasing ordinal sequences 
by defining ((n + 1)A)«k>>:=Q*t1(A). To make this stepping down also be 
defined on successor ordinals we define ((0)A)<k>>:=A. Of course we cannot 
get smaller than the minimal element so that we define T<k>>:=T. 

The step-down function can be rewritten to get a more combinatorial flavour 
reminiscent of the Hydra battle. To this end we define the chop-operator c on 
worms by c(T):=T;c((0)A):=A and, c((n + 1)A):=(n)A. Now we define a 
stepping down function based on a combination of chopping a word and the 
worm growing back. For worms A and B we define the concatenation AxB via 
T*B:=B and ((a)A)*B:=(a)(A*B). 

Definition 1.5 For any number & let A[k]:=c(A) for A=T or A=0B and 
A[k]:=(e(h(A))) 

From now on we often omit the «. It is easy to prove (see [2]) that for any 
A and k we have that A<k> is GLP-provably equivalent to A[k]. Given a 
worm A, we now define a decreasing sequence (strictly as long as we have not 
reached T) by Ap := A and Ax41:=A,z]& + 1]. We now define the principle 
EWD standing for every worm dies as an arithmetisation of VASkKA,=T. The 
principle, although true, is not provable in PA. Actually, it turns out to be 
provably equivalent to the one-consistency of PA. 


x r(A) otherwise. 


2 Worm battles for IX,, 

By EWD” we will refer to the principle restricted to worms of W", that is, 
VAEW"FkA,=T. Through a simple adaptation of [1] and [2] we will prove 
that EWD"*! is equivalent to the one-consistency of IZ, for n>0. To reach 
the EA-proof of EWD"* from 1-Con(IX,,) we shall make use of the following 
rule: 

Definition 2.1 By Tr. <olW4) we denote the following inference rule 
expressing transfinite induction along the ordering of <o for I[,-formulas y: 


V AEW (V B<oA 9(B) > 9(A)) 
V AEWS (A) , 
Then, via a conversion of the similar theorem found in [1]: 
Theorem 2.2 For every n>0, EA+1-Con(IX,,) contains [EA, TI” (Iz, W”)}, 
that is -the extension of EA by one application of the TI (Iz, W”) rule. 


And since EWD"”*" is a Iz sentence, we clearly obtain our desired result. 
For independence, as in [2], we introduce an analogue of Hardy func- 
tions: Let ha(m) be* the least k such that Alm...m+k]=T, where 
Alm...m+k]:=A[m]...[m+k]. Given worms A and B we define the or- 
dering A<IB iff A=B[0]... [0] for a finite number of iterations. ° This relation 


4 Confusion with the ha and h function from Definition 1.2 is not possible due to different 
types of arguments. 

5 iff A is an initial segment of B apart from possibly the first element which should then be 
smaller. 
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gives us an easily proven, through the definitions above, monotonicity for the 
ha functions: 


Lemma 2.3 If hp(y) is defined, A BEW” and x < y then 
1. dk Blm...m+k]=A. 
2. V¥m<y dk Bln...n+k]=Alm]. 
3. ha(a) is defined and ha(x)<hp(y). 
Lemma 2.4 If A € W, and hp(y) is defined, then hip(n)>h\?(n). 

The above are formalizable in EA. Let f| denote Vadyf(x)=y. 
Lemma 2.5 EA} V AcCWY (hati J > (1) A). 
Proof. Reasoning in EA. By L6éb’s theorem, we can assume that 

VAEW? [Ll (Aaisii + > (1) A). (1) 


If Al111=1B then hipl > Ar.hG(x)|. The function hg is increasing, 
has an elementary graph and grows at least exponentially as by Lemma 2.4, 
hiii(a)>2”. So for A=T we have that hi11,, implies the totality of 27 and 
hence EAT which is known ([2]) to imply (1)T. For A nonempty, we reason: 


dr.h@ (x) (1)hp lt, a theorem of EA((2]) 
— (1) (1) B, by Assumption (1) 
> (1) A. 
If A1111=B starts with m>1, then as before hg | implies EA* and, 
hp | > Av-hppa(e +1) 4 
> Vn hpi + by Lemma 2.3 
Vn hpn+y + 
Vn hip t+ (as 1(Bln])3B[n + 1) 
Vn Aw-h$} (2) 4 
>Vn ()hgmjl (as before) 
> Vn (1) (1) (A[n]) by Assumption (1) 
— (1) A (by the reduction property). 


Now to prove the independence of the worm principle for IX, for n>0, 
assume inside EA that the principle holds. We have: 


EAE V AeW"t! dm An=T 3 VAEWTT hy t 
+ Vk (1) ((n+1)T[A]) 
— (1) (n+1)T (by the reduction property) 
+ 1-Con(IZ,). 


We can make use of the reduction property since (1) (n+ 1)T — (1)T, which 
in turn implies EAT. 


Papafillipou and Joosten 69 


3 Towards subsystems of second-order arithmetic 


Following [3] we expand the language CL of arithmetic to £4 with a sequence 
of truth predicates {Tg : 8 < a} satisfying the Uniform Tarski Biconditional 
axioms of truth UTBz,. That is, the schema Vz (y(%) & T(y(Z))) for all 
B<a and peLg. We will denote UTBy := UTBea+y1 and UTBe := UTBo. 
Given an elementary well ordering, (A,<) we expand the arithmetical hi- 
erarchy into the so-called hyperarithmetical hierarchy up to w(1+ A). Let 
Wistar Te Cia) and I<, := Ue, He for limit \. This allows us to 
expand reflection principles to the hyperarithmetical hierarchy. To expand the 
reduction property towards limit ordinals, we can use the following theorem 
from [3]. 


Theorem 3.1 Let X = w(1+a) and S provably contain EA + UTBy. Over 
EA + UTB, we have RFNn, (S$) =n-, RFNmn_, (S). 


This can lead us with some candidates to choose for the nth entry in the fun- 
damental sequence for (A) A worms with \ a limit ordinal. It also helps in satis- 
fying the requirements to express some theories of second-order arithmetic as a 
chain of reflection principles. So for instance by [3] if we let S$ := EAt+UTBe 
then ACA is mutually interpretable with PA(T) := $+ RFNqr_J,.(S) =n2.5 
S+RFNyq,,($). With this, proving EWD%? from 1-Con(PA(T)) can follow 
the steps of the existing proof in [2]. 

Difficulties are met in proving its independence. Specifically in providing a 
sufficient monotonicity with a corresponding of Lemma 2.3. The demands for 
which, are dictated by Lemma 2.5 with the following implications: 


At hia] (e+1)L7Vn hp] 45 
Vn hpin+i] L 3 Vn hi Bln] L : 


A restriction to the ordering relation in accordance to the demands of Lemma 
2.3 appears to clear the path for ACA and perhaps second-order theories of 
comparable strength. As such, this paper reports on work in progress that 
shall be published at some point in [4]. 
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Abstract 


This paper is devoted to the development of cut-free hypersequent calculi for the 
modifications of S5 having non-standard modalities: contingency, non-contingency, 
essence, and accident operators. As a basis for our calculi, we take Restall’s cut-free 
hypersequent calculus for S5. We modify its rules for the aforementioned modalities. 
We show that all axioms and rules of Hilbert-style axiomatizations of the logics in 
question are provable in our hypersequent calculi. We establish soundness, complete- 
ness and cut elimination theorems for the hypersequent calculi. 


Keywords: modal logic, non-contingency logic, essence logic, accident logic, 
hypersequent calculus, cut elimination. 


1 Introduction 


Sequent and hypersequent calculi for modal logics are a fruitful and well- 
developed area of research. Most of standard modal logics have already had 
cut-free sequent or hypersequent calculi. The modal logic S5 is especially sig- 
nificant in this sense. Although there is no a cut-free standard sequent calculus 
for it, there are at least eight different cut-free hypersequent calculi and several 
cut-free non-standard sequent calculi for it (see [1,6] for more details). But 
in the case of non-standard modalities (contingency, non-contingency, essence, 
and accidence) the situation is worse. We know only Zolin’s papers [12,11] 
which contain non-cut-free sequent calculi for some non-contingency logics (in 
particular, for the non-contingency version of $5). Since there are a plenty 
of cut-free calculi for S5, we believe that this logic is an appropriate starting 
point for the development of cut-free hypersequent calculi for the modal logics 
having non-standard modalities. Hereafter we use Restall’s [9] hypersequent 
calculus for S5, since it is one of the simplest calculi for it. 

Let us say a few words about the history of the study of non-standard 
modalities. Although the philosophical discussion about contingency and non- 


1 The research presented in this paper is supported by the grant from the National Science 
Centre, Poland, grant number DEC-2017/25/B/HS1/01268. 
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contingency goes back centuries, the formal presentation of contingency and 
non-contingency logics is due to Montgomery and Routley [7,8]. In partic- 
ular, they present several axiomatizations for S5-style contingency and non- 
contingency logics. Essence logics were developed by Fine [3,4]. The essence 
modality means that “the proposition A is essentially true”, i.e. “if A is true, 
then it is necessarily true”. The formal treatment of the accident modality 
was done by Small [10] in the context of Gédel’s ontological argument. This 
modality means that “although A is true, it is not necessarily true”. 

The structure of the paper is as follows. In Section 2, we describe the 
semantics and axiom systems for $5 and its modifications with non-standard 
modalities. Section 3 is devoted to the presentation of hypersequent calculi for 
the logics in question and the discussion of their meta-theoretical properties. 


2 Semantics and axiom systems 


Let us fix a modal language Lo, where © is an unary operation from 
the set {0,0,>,»,0,¢e} (these symbols stand for necessity, possibility, non- 
contingency, contingency, essence, and accident operators, respectively), with 
the alphabet (P,©,-7,V,A,—,(,)), where P is the set {p,q,r,pi,...} of propo- 
sitional variables. The set Fo of all £o-formulas is defined in a standard 
inductive way. We write Co@, where © and @ are unary operations from the 
set {0,0,0,»,0,¢} such that © 4 ®, for a bimodal language with both © 
and ® in its alphabet. Analogously, we write Foe for the set of all formulas 
of this bimodal language. 

The logic $5 can be built in three languages: Lo, Lo, and Loy. We 
consider the latter variant. A pair (W,V) is an S5-model, if W 4 @ and V is 
a mapping from W x Fog to {1,0} such that it preserves classical conditions 
for truth-functional connectives and for any A € Fog and x € W we have: 


¢ V(OA, x) = 1 iff VyewV(A, y) = 1, 
¢ V(OA,2) = 1 iff djewV (A, y) = 1. 


The axiom system for S5 has all classical axioms, modus ponens, substitu- 
tion rule, Gédel’s rule (if F A, then F OA), and the subsequent modal axioms: 


(1) O(p > q) > (Gp > Oa), (3) Op > Op, 
(2) Op p, (4) Op -O-p. 


A semantic condition for the non-contingency operator > is as follows: 
© V(>A, x) = 1 iff VyewV(A,y) = 1 or VyewV(A, y) = 0. 

Following Montgomery and Routley [7] and Zolin [11], by the non- 
contingency version of S5 we mean the logic S5° which is the smallest set 


closed under modus ponens, substitution rule, Gédel’s rule for > (if F A, then 
F bA) and contaning all classical axioms as well as the subsequent modal ones: 
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(1) p> (b(p3q) > (bp eq), (3) BD. 
(2) bp bop, 


A semantic condition for the contingency operator is presented below: 


¢ V(eA, x) = 1 iff dyewV(A,y) = 1 and JyewV(A, y) = 0. 


Let us present one of Montgomery and Routley’s [7] axiom systems for S5”. 
It is obtained from the one for $5” by changing > to =» in Gédel’s rule and 
replacement of the axioms for > with the following ones: 


(1) p> (“> (p> 9g) > (hq &p)), (3) a> p. 
(2) Bp mop, 


A semantic condition for the essence operator is as follows: 


© V(oA, x) = 1 iff V(A, x) = 0 or VyewV(A,y) = 1. 


Axiomatization of S5° was developed by Fan [2] and it has all classical 
axioms, modus ponens, substitution rule, and the following modal axioms and 
inference rule: 


(1) oT, (4) p— o(onmp > p), 
(2) =p > op, (5) comp + o(onp > p), 
(3) (op A oq) > o(p Aq), (6) iff A> B, thent (AAoA) > B. 


A semantic condition for the accident operator is as follows: 
¢ V(eA, x) = 1 iff V(A, x) = 1 and dyewV(A,y) = 0. 
Axiomatization of S5*° can be obtained from Fan’s axiomatization of S5° 


due to equations eA = -0A and oA = 7A. It has all classical axioms, modus 
ponens, substitution rule, and the following modal axioms and inference rule: 


(1) -eT, (4) e(=p > erp) > mp, 
(2) ep p, (5) e(ap + enp) > 7e-p, 
(3) e(p Aq) > (epV eq), (6) H A> Byields + (AAA) > B. 


3 Hypersequent calculi 


If T and A are finite multisets of formulas (of one of the languages considered 
in the paper), then we say that an ordered pair written as T > A is a sequent. 
By a hypersequent we mean a multiset of sequents written as T; = A, | 
...| Ty, => Ay. A sequent T => A is valid in an S5-model (W,V) iff for any 
x € W it holds that V(A,x) = 1 (for any A € [) implies V(B,x) = 1 (for 
some B € A). A hypersequent is valid in an S5-model iff at least of one its 
components is valid in the same model. The notion of a proof a hypersequent 
calculus are understood in the standard way. If a hypersequent H is provable 
in a hypersequent calculus, we write /;, H (while + we use for provability in 
axiom systems). 
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Let us introduce Restall’s hypersequent calculus for $5 [9]. The only axiom 
is as follows: (Ax) A => A. The structural rules are as follows: 


Gwe Gry" 
A=>|H =>A|H 
ccs) MAPSAIH 4) PSA AAlH 
AT=s>A|H TsSA,A|H 


TrSA|Uls=t|Az (p= aes Al>z|G 
rm+A,>|A rm+A,>|A|G 
It’s easy to observe that internal weaking rules as well as external contrac- 
tion rules are derivable. Propositional logical rules are as follows: 
TsSA,A|H A,T>A|H 
G JIATS A/F ) PSA AAA 
A,T>A|H BT=S>A|G Gv T>A,A,B|H 
AVB,TS>A|H|G TSA,AVB|H 
A,B,T>A|H ‘ T>A,A|H T>A,B\|G 
AABT>S>A|H TS>A,AAB|H|G 
G Nessie ects Bu>X|G (64) A, >A,B|H 
A>B,T,I>A,4|H|G TS>A,A>B\H 
Modal logical rules are given below. 
A,T>A|H =>A|H 
( ) A>|TSA|H ( ) A|H 
Although Restall himself did not consider the rules for >, they were sug- 
gested for his calculus in [5]: 
A=>|H TSA,A|A 
~AS>|A ( TSA|S9$A|AI 
The rules for non-standard modalities are given below. 
is fecal Il>b,A|G sea iaees 
pAS|TSA|II=>|A|G > pA|A 
a ena ee ele pj et Il>b,A|G 
rpA>|H >rpA/TSA|IIS>X|A|G 
AT=A|H Il>b,A|G =A|ATSA|HA 
oA, ISD |/PFSA|AIG 7°) eA oA 
>A|A,T>A|H A,T>A|H Il>%,A|G 
Co ra (>) TS r.6A|TSAlHIG 
Let © € {>,Pm,0,¢e}. A hypersequent calculus for the logic $5© is obtained 


from Restall’s one for S5 by the replacement of the rules for 0 and > with the 
rules for ©. 


(Merge) 


(v=) 


(Ax) 


(0 =) 


(o=) 


Theorem 3.1 (Soundness) Let © € {>,m,0,e}. For every Lo-formula A, 
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it holds that S5° +;,, A implies S5° - A. 


Theorem 3.2 (Equivalence) Let © € {>,»,0,e}. For every Lo-formula A, 
it holds that S5° + A implies S5©° ky, A. 


As a consequence of Theorem 3.2 and the completeness of axiomatic sys- 


tems for the logics in question, we obtain the the completeness result for our 
hypersequent calculi. 


Theorem 3.3 (Completeness) Let © € {>,»,0,¢e}. For every Lo-formula 
A, it holds that S5° | A implies S5° Fy, A. 


Theorem 3.4 (Cut elimination) Let © € {D>,m,0,e}. The rule (Cut) is 
eliminable in S5°. 
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Abstract 


We introduce an algebraic semantics for propositional inquisitive and dependence 
logic based on intuitionistic logic, introduced in [5] via team-semantics. We prove the 
equivalence of the two semantics by proving a duality result between the category fi- 
nite Kripke frames and finite, well-connected, core-generated intuitionistic inquisitive 
algebras. 


Keywords: Inquisitive Logic, Dependence Logic, Intuitionistic Logic, Algebraic 
Semantics. 


1 Introduction 


In this work we introduce an algebraic semantics for propositional inquisitive 
and dependence logic based on intuitionistic logic, and we show some possible 
applications of this novel semantic framework. 

Dependence logic was introduced by Vaananen [14] as an extension of first- 
order logic with dependence atoms. In its standard formulation, dependence 
logic is defined via team semantics, originally introduced by Hodges in [8], 
which generalizes standard Tarski’s semantics by teams, namely set of assign- 
ments which map first-order variables to elements of the domain. In its propo- 
sitional version, a team is a set of valuations mapping propositional atoms to 
either 1 or 0. Propositional dependence logic has been studied in [15], while [16] 
considers several extensions of classical logic using team semantics. Intuitively, 
the dependence atom +{7, q) expresses the fact that the value of the variable q 
is uniquely determined by the values of the variables p. The constancy atom 
=(p) can then be seen as a special case of the dependency atom, saying that 
the value of a variable is constant in the underlying team. 

On the other hand, inquisitive logic was formally developed by Ciardelli, 
Groenendijk and Roelofsen in a series of articles, most notably in [4,6], where 


1 ] would like to thank Fan Yang for comments and discussions on this work. Also, I am 
very thankful to an anonymous referee for pointing me to related works in the literature. 
This research was supported by Research Funds of the University of Helsinki. 


76 Algebraic Semantics of Intuitionistic Inquisitive and Dependence Logic 


they introduced the so-called “support semantics”. Differently from depen- 
dence logic, inquisitive logic was developed hand-in-hand with inquisitive se- 
mantics — a linguistic framework that aims at providing a uniform formal char- 
acterisation of both questions and statements in natural languages. In partic- 
ular, polar questions expressing “whether p holds or not” are represented by 
an operator ?p defined using the inquisitive disjunction as ?p := p\V ap 

It is known that inquisitive and dependence logic are closely related [3,15]. 
They are both extensions classical logic that adopt team semantics and they 
are also expressively equivalent as they are both complete w.r.t. all downward 
closed team properties. In [5] Ciardelli, Iemhoff and Yang have built on this 
similarity to introduce InqI — a version of inquisitive logic which is based on 
intuitionistic, rather than classical logic and which can be easily provided with 
a dependency operator. 

In this work we we introduce an algebraic semantics for InqI based on the 
previous work on algebraic semantics of inquisitive logic [7,12,2]. Interestingly, 
similar work on intuitionistic inquisitive logic is currently being developed by 
Holliday [9] and Punéochdi [11]. 


2 Team Semantics of InqI 


We define the set Linqr of formulas of IngI inductively as: 


o:=pl|l|ap)|eA¢lovelo>ol ove; 


where p € AT is an arbitrary atomic formula. Negation is defined as =¢@ := 
o@ — L and the dependency atom can be defined from the constancy atom 
as =(0,q) := (Aien Svi))  =(q). If a formula a is defined in the restricted 
signature {1,A,—>,V}, then we say that ¢ is standard. We use greek letters 
a, 2,y... to denote standard formulas. 

The semantics of InqI is a version of team semantics over intuitionistic 
Kripke models. Fist, recall that an intuitionistic Kripke frame is a partial 
order § = (W, R). An intuitionistic Kripke model is a pair Nt = (F,V), where 
$ is an intuitionistic Kripke frame and V : AT > Up(W) a valuation of atomic 
formulas over upsets of §. Notice that a world w in a model can be viewed as 
an assignment w : AT > 2— hence we write w(p) = 1 if and only if p € V(w). 


Definition 2.1 Let IN = (W, R,V) be an intuitionistic Kripke model. A team 
is a subset t CW. A team s is an extension of a team t if s C R[E]. 


A team can thus be considered as a set of assignments. The team semantics of 
InqI is defined as follow. 


Definition 2.2 Let It = (W,R,V) be an intuitionistic Kripke model. The 
notion of a formula ¢ € Lingr being true on a team t C W is defined as follows: 


Mtep —> VWwet (w(p) =1) 
Mitel — t=h 
Mth ap) — > Vu,vet (w(p) =v(p)) 
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MtRwvAx = Mite wand M,te x 

MtRvuVy <= aAs,r Ct such that sUr=t,MN,sFwW and M,rk- x 
Mtevoxy — Vs (ifs C Rit] and M,sF wv then M,sF x) 
MtRvuVy = Mite wW or M,tk x. 


We then write INF ¢ if M,tF ¢ for allt C W and FEF ¢ if (¥,V) EF ¢ for all 
valuations V. The logic InqI is then defined as follow: 


InqI := {@ € Lingt : 5 F d where § is any intuitionistic Kripke frame} 


We recall some important properties of such semantics [5, Prop. 3.15]. Recall 
that a formula ¢ is flat (or truthconditional) if for any model SN and team t, 
we have that MNt,t—- 6 <=> M,wF ¢ for all w Et. 


Proposition 2.3 
¢ Persistency: if M,tF d and s C Rit], then M,s 
¢ Empty Team Property: IN,0 ¢, for all 6 € Lingt- 
° ¢ is flat if and only if there is a standard formula a such that 6 = a. 


Q. 


Finally, let us notice what are the inquisitive and the dependency features 
of the logic defined above. Inquisitive logic is usually introduced over the sig- 
nature {L,A,\V,—}, while the constancy atom comes from dependence logic. 
However, it is easy to check that =(p) = p \V 7p, so one could also decide not 
to take =(-) as a primitive symbol. On the other hand, note that the “intu- 
itionistic” disjunction V is not that given by the intuitionistic core logic, as we 
allow it to occur also in non-standard formulas. In fact, it is obtained by lift- 
ing the intuitionistic disjunction of standard formulas to the entire logic. This 
is known as teamification [10] in team-based logics. We believe the algebraic 
semantics of the next sections shall give new light to this phenomenon. 


3 Algebraic Semantics for InqI 


We shall now develop an alternative algebraic semantics for the system IngI 
defined in the previous section. 


Definition 3.1 [Intuitionistic Inquisitive Algebra] An intuitionistic inquisitive 
algebra (or IngI-algebra) H is a tuple (H,\v,V,A,—,0, Ho), where: 

¢ (A,W,A,—,0) and (Ho, V,A,—,0) are Heyting algebras; 

© Hy={ae H:Vuz,yla > («Vv y) =(a> 2) v(a>y)l}; 

e For all x,y,z € H, the following equality hold: 


(*) a2V(yWz)=(@Vy) WV (eV z). 


And we then define the constancy atom as a partial operation =(p) := pV 7p. 
Clearly (Ho,V,A,—,0) is a subalgebra of (H,\V,A,—,0) w.r.t. the reduct 
{A,—, 0}. We often refer to the algebra Hp as the core of the algebra H. Since 
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negation is defined as -=% := x — O, these two algebras also agree on their 
negation. A homomorphism between intuitionistic inquisitive algebras is any 
map h: H — H’ such that h(x © y) = h(x) © h(y) for © € {A, Vv, V,—-, V, OF. 
In general, if H is a Heyting algebra and kK C H, then we denote by (K) the 
subalgebra of H generated by kK. An InqI-algebra H is called core-generated 
if H = (Ap). 

Definition 3.2 An intuitionistic inquisitive algebraic model is a pair M = 
(H, 4) such that H is a IngI-algebra and yu : AT > Hp a core valuation, ie. pu 
assigns atomic formulas in AT to elements in the core Ho. 


The interpretation of an arbitrary formula ¢ € Lingr in an algebraic model 
M = (H, 1p) is then defined as follows. 


Definition 3.3 Given an intuitionistic inquisitive algebraic model M and a 
formula @ € Lypgr, its interpretation [¢]™ is defined as follows: 


[el = up) [1]” =0 
[oA v]” = [el A fe” [ov vy = [vY]” Vv Ix” 
[Ig ¥]” =[4]% > "ov vy)” = [6]” Vv )” 
We write M F° ¢ if [¢]” = 1. We say that ¢ is valid in H and write H F° ¢ 


if @ is true in every model M = (H,) over H. Finally, we say that ¢ is an 
algebraic validity of InqI if it is true in all intuitionistic inquisitive models. 


Proposition 3.4 (Normal Form) Let H be a intuitionistic inquisitive alge- 
bra and x € (Ho), then x = Wee a;, for some ao, ...dn € Ho. 
Theorem 3.5 Let ¢ € Ling, then H ¥° ¢ entails (Ho) ¥° ¢. 


Finally, we can prove a characterisation of core-generated, well-connected 
InqI-algebras. Recall that, if H is a Heyting algebra, H is well-connected if 
zVy = 1 entails thay x = 1 or y = 1. Also, recall that x € AH is join irreducible 
ife=yV z entails that ce =y orr@ =z. 


Theorem 3.6 Suppose H is a finite, core-generated and well-connected Heyt- 
ing algebra, then a € Ho if and only if a is join-irreducible. 


4 Equivalence of Team and Algebraic Semantics 


To prove the equivalence of team and algebraic semantics we shall first prove 
a categorical equivalence relating Kripke frames and intuitionistic inquisitive 
algebras. Let FinKF be the category of finite intuitionistic Kripke frames and 
p-morphisms and FIIA the category of finite, well-connected, core-generated, 
InqI-algebras and InqI-homomorphisms. 

We sketch the proof of the equivalence FinKF = FITA. First, we describe 
how, given a intuitionistic Kripke frame, we can obtain a finite, core-generated 
intuitionistic inquisitive algebra: 


5 —> Up($) -—> _Dw* (Up(8)) 
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Given an intuitionistic Kripke frame § = (W, R), we first consider the algebra of 
its R-upsets (Up($), U,N, 0). Since this is clearly a bounded distributive lattice, 
it is a Heyting algebra as well. Then, for the same argument, Dw*(Up($)), 
the set of all nonempty downsets of Up(%) ordered by the subset relation C 
also forms a Heyting algebra. Notice that upsets are taken with respect to the 
relation R of the Kripke frame §, while downsets are here downward closed 
subsets over the algebra (Up(§),U,N, 9). Now, let F,G be two functors F : 
FinkF > FIIA, G: FIIA > FinKF such that F: ¥ Dwt(Up(§)) and 
G: H++ PF(H). Together with a result from Raney [13] — which allows us 
to represent Heyting algebras generated by their join-irreducible elements as 
algebras of downsets of such elements — it follows by Esakia duality that F and 
G describe an equivalence of categories, namely FinKF = FITA. 

Now, suppose IN = (F, V) is a finite Kripke frame and let Hz be F(§). To 
obtain an intuitionistic inquisitive model corresponding to M, define the core 
valuation u(p) = o(V(p)). One can then prove the following theorem. 


Proposition 4.1 Let IN = (¥,V) be a finite Kripke frame and M = (Hz, 1), 
then INE @ if and only if M F° ¢. 


Finally, we obtain as a result the algebraic completeness of the logic InqI. 


Theorem 4.2 (Equivalence of Team and Algebraic Semantics) For 
any b © Lrngt, ¢ ts valid in all intuitionitic Kripke frames if and only if it is 
valid in all intuitionistic inquisitive algebras. 


5 Relation to Existing Works and Generalisations 


In [11], Punéochai has introduced an algebraic semantics for intuitionistic in- 
quisitive logic which is very similar to the one considered in this article. In 
particular, inquisitive Heyting algebras are introduced as algebras of antichains 
over bounded implicative meet semilattice. However, there are two important 
points worth stressing. Firstly, we have included two disjunctions in our sig- 
nature, the tensor disjunction and the inquisitive disjunction. One can also 
“forget” the tensor disjunction and require (Hp, \,—,0) to be a bounded im- 
plicative meet semilattice. It is then clear how our approach turns out to be 
complementary to that of [11]. In particular, we expect the class of inquisitive 
algebras defined in [11] to result as a class of representatives for our correspond- 
ing class defined in more equational terms. 

Secondly, an important aspect of such algebraic semantics, is that it allows 
us to consider some natural generalisations of this logic. In particular, it is 
very natural to consider intuitionistic inquisitive algebras whose core is the 
algebra of some intermediate logic. We then say that H is an L-inquisitive 
algebra if H F° L, where L is any intermediate logic in the standard signature 
{T,L,A,V,7}. Clearly, if H F° CPC, we then have that Ho is a Boolean 
Algebra, so H is a model of IngB and it indeed coincides with the algebraic 
semantics for standard inquisitive logic considered in [1,12,2]. 

Finally, a further direction is to develop an algebraic semantics for modal 
inquisitive and dependence logic. This aspect is particularly interesting as it 
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relates to the translations between intuitionistic and modal inquisitive logic 
described in [5]. It is an interesting open problem to characterise in algebraic 
terms the translations between intermediate and modal inquisitive and depen- 
dence logics. 
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Abstract 


In this paper, we investigate logic of bounded distributive residuated lattices with 
modal operators 0 and ©. We introduce relational semantics for such substructural 
modal logics. We prove that any canonical logic is Kripke complete using discrete 
duality and canonical extensions. See this preprint [7] to have more details. 


Keywords: The Lambek calculus, canonical extensions, residuated lattices 


1 Introduction 


Substructural logic is logic lacking some of the well-known structural rules such 
as contraction, weakening, or exchange. Algebraically, substructural logics rep- 
resent ordered residuated algebras [6]. In this talk, we consider the distributive 
version of the full Lambek calculus extended with normal modal operators 
and ©. We introduce ternary Kripke frames, relational structures for the dis- 
tributive Lambek calculus extended with binary modal relations. We establish 
a discrete duality between such Kripke frames and perfect distributive resid- 
uated modal algebras developing an approach proposed in [5]. We examine 
canonical extensions for those algebras applying techniques provided in [2] [4] 
to show that any canonical substructural distributive modal logic is Kripke 
complete. 


2 The distributive Lambek calculus with modal 
operators 

We introduce the distributive full Lambek calculus enriched with modal oper- 

ators. We represent such logics with pairs that have the form yl w. y and 


w are formulas generated by the grammar of the full Lambek calculus with 
and ©. 


1 The research is supported by the Presidential Council, research grant MK-430.2019.1. 
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Definition 2.1 A substructural normal distributive modal logic is a set of 
pairs A including the following axioms and inference rules: 


L 
pr p 
Pi 


pve 


From 


Fp, ph 7 


- py V po,t = 1,2 
piNpoet pi,t=1,2 
pA(aVr)F (pAqgV (pAr) 
(peq 
From 


jer pe(qger) 
- w and wt @ infer pl 0 


-L w and 6+ w infer 
Fy 


From ye dt w infer 6+ »\w and 


vice versa 


From yf w infer 


pr Op 


(pV q) 
oe 


pelttiepttp 


OpV O”g 


ip /\ 


(pA q) 


pe Ogr 


(peq) 


From ¢(p) 
pip = 7 


From @ 
vice versa 


From y 


F w(p) infer 


F op =] 


From gt w and yf 6 infer pk pA@ 
+ »\w infer pe @t w and 


+ w infer Op F Ow 


Substructural normal distributive modal logic extends distributive normal 


modal logic (see [5]) with residuals, product, and the axiom connecting 


and e. 


We define a ternary Kripke frame with the additional binary modal relations. 
Product and residuals have the ternary semantics as in, e.g., [1]. 


Definition 2.2 A modal ternary Kripke frame is a structure F = (W,< 
,R, Ro, Ro,O), where (W,<,) is a partial order, R is a ternary relation 
on W, Ro, Ro are binary relations on W, and O C W such that for all 


/ 
Vu,v,w,u’, 


(i) Ruvw 
(ii) 
(iii) 


de € W(Ruwe & Reu'v’) oF 
Ruvw & uw <u> Ru'vw, Ruvw & v' <v => Ruv'w, Ruvw &w < ww’ => 


vw EW: 


& wRow’ > 4 


Ruvw'. 


(iv) 


VYoe€ O Rvow © Rovw,v< wed 


z,yEW Rayw’ &uRoxr & vRoy. 
y € W(Ruo'y & Ruyv’). 


o € ORvow, and O is upwardly closed. 


(v) ux v&vRow > uRow andu<v&uRow > vRow. 


Definition 2.3 Let F = (W,<,R,Ro,Ro,O) be a modal ternary Kripke 
frame, a Kripke model is a pair M = (F,0), where 0) : PV — Up(W, <). 


=pSawev(p). 
ET; Mswk lL; M,w 
Kypepod 


KH epAyeM,w 
EyVbs M,w 


Evp&M,w 


E1LSwed. 
uveEWw Ruwk&MuEyp&M,veEv. 

Eyp\weVu,v €W Ruwy & M,uE ¢ implies M,v FE v. 
E w/p = Vu,u € W Ruwy & M,u 


L ap. 


E por M,wE wv. 


E y implies M,v 


E w. 
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(viii) M,w EF Oy 8 Vu € Ro(w) M,v EF ¢. 
(ix) M,w E Op S Jue Ro(w) M,v Fy. 
(x) Mawr yh veMweye>Mwey. 

Let F be a modal ternary Kripke frame and y- w a pair of formulas, F 
yt w iff for each valuation 3 (F,0) E pt wv. Log(F) ={pFv|FEp-E vy}. 
Let F be a class of modal ternary Kripke frames, then Log(F) = N¢er Log(F). 
Let A be a substructural normal modal logic, Frames(£L) = {F|F - L£} and CL is 
complete iff £ = Log(Frames(L)). By Lx, we mean the minimal substructural 
distributive normal modal logic, the smallest set of pairs including the axioms 
above and is closed under the required inference rules. 


l 


Theorem 2.4 Let F be a class of modal ternary Kripke frames, then Log(F) 
is a substructural distributive normal modal logic. 


3 Residuated distributive modal algerbas 
In this section, we study algebraic semantics and canonical extensions for sub- 
structural distributive modal logic. 


Definition 3.1 A residuated lattice is an algebra R = (L,-,\,/,¢), where 
£ is a bounded lattice, - is a binary associative monotone operation, € is a 
multiplicative identity, and the following equivalences hold for all a,b,c € L: 


b<a\cea-:b<ceaK<c/b 
Definition 3.2 Let R be a bounded distributive residuated lattice, a residu- 
ated distributive modal algebra (RDMA) is an algebra M = (R,O,©) such 


that O preserves finite suprema, © preserves finite infima, and for each a,b € R 
one has Oa- Ob < O(a: b). 


Definition 3.3 Let A be a substructural normal modal logic, Va is a variety 
of RDMAs defined by the set of inequations {y < | AF pF y}. 


Theorem 3.4 Let A be a substructural normal modal logic, then there exists 
an RDMA Rx such that prWEAUfRaA Ey < yw. 


We define a completely distributive residuated perfect lattice as a distribu- 
tive version of a residuated perfect one defined in [2]. 


Definition 3.5 A distributive residuated lattice £ = (L,\/,A,-,\,/,¢) is 
called perfect distributive residuated lattice, if: 


e Its lattice reduct is completely distributive. 


e ., \, and / are binary operations on LZ such that / and \ right and left 
residuals of -, repsectively; - is a complete operator on £L, and /: Lx L° > L, 
\:£° x L-+ L are complete dual operators, where £L° is the dual of L. 


We formulate canonical extensions for bounded distributive lattices with 
a residuated family in the fashion of [3]. We piggyback canonical extensions 
for bounded distributive lattice expansions. We refer to this paper [4] and 
omit the abstract definitions. We only recall that a canonical extension (a 
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dense and compact completion) of a bounded distributive lattice is completely 
distributive. 


Lemma 3.6 Let £ = (L,-,\,/,¢) be a bounded distributive residuated lattice, 
then LY = (L7,-7,\",/7,€) is a perfect distributive residuated lattice. 
We just define -°, \", and / explicitly instead of providing a proof that 
mostly repeats a construction from the paper by Gehrke [3]. 
Let a,a’ be filter elements of £7 and 6 an ideal one: 
(i) a\"b=Vi{xe\yla<axeEL ay < d} and similarly for the right residual. 
(ii) a-°a =fA{a-a’lasxvelk&aK<a' EL}. 
Let a,b € £°, then. 
(i) a-7b=Vi{a-7yl|a>a&b > y}, where x,y are filter elements 


(ii) a\"b=Af{a\"y|a>ax&b< y}, where x is a filter element and y is an 
ideal one. The b/"a case is similar to the current one. 

We concretise the construction establishing the discrete duality between 
perfect residuated lattices and perfect posets with ternary relation (see [2]) in 
a distributive setting. 

Let £ be a perfect distributive residuated lattice. We define a relation R 
on completely join-irreducible elements as Rabc © a- b < c and put O =f «, 
where ¢€ is a multiplicative identity. The structure Ly = (7°(L),<, R,O) is 
the dual ternary Kripke frame of a perfect distributive residuated lattice L. 

Let (W,<) be a poset and R C W?, O with the conditions (ii)-(vi) from 
Definition 2.2. Let us define the operations on Up(W, <) as follows: 


© A\B={wew |Vu,ve W Ruw &KuEeASve Bh 
© B/JA={wEeW |Vu,v Ee W Rwuvv € A> ve B} 
© A-B={wewWw|auve W Ruw & ue A&vE B} 
Let us call such a poset with a relation a ternary Kripke frame. 
Theorem 3.7 
(i) Let R be a perfect distributive residuated lattice, then R = (R+)*. 
(ii) Let F be a ternary Kripke frame, then F = (F*)x. 


Definition 3.8 Let £ be a perfect distributive residuated lattice and 0,© 
unary operators on £, then M = (£,0,¢©) is called a perfect distributive 
residuated modal algebra, if 0 is completely multiplicative, © is completely 
additive, and for each a,b € £ the inequation Oa - Ob < O(a- b) holds. 


Lemma 3.9 Let R be a distributive residuated lattice and M = (R,O,©) an 
RDMA, then M? = (R°,07,07) is a perfect DRMA. That is, the variety of 
all RDMAs is canonical. 


Proof. Let a,b be filter elements. Note that 07a-7 07b = A{Ow-Oyla<ae€ 
M,b < y € M} that follows from the definition of a filter element, the fact 
that O° preserves all infima and -” is an order-preserving operation. One has: 
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a-? [= 

At x: ylax<x@ELl,<rEl}<A{ (x-y)|a<zELk&b<reLl}= 
AO%{(x-y)la<sceElk&b<xreLl}= 
°A(a-y)|a<eELlL&b<reLl}=0%(a-7b) 


Let a,b € £°, then 

a-? Ob=V{O%n-7 O%yla>xEc(lL7) &b>yEeC(L7)E< 
ViO7(@-7y)|azaxeC(L7)&b>ayEeC(L7)} < 
°V{a-"yla>xEC(L7)&b>yEec(L7)} =U (a-b) 


Definition 3.10 A substructural normal modal logic £ is called canonical if 
Vz is closed under canonical extensions. 


Now we describe a discrete duality for RDMAs explicitly. The complex 
algebra of a modal ternary Kripke frame F = (W,<, R, Ro, Ro, O) is the com- 
plex algebra of the underlying residuated frame Ft with the modal operators 
defined as [RoJA = {u € W | Vw (uRow > w © A)} and (Ro) = {u € 
W | dw (uRow & w € A)}. Here A is an upwardly closed subset. These op- 
erations are well-defined. The dual modal ternary frame of a perfect RDMA 
M = (M,\V,A,9,°,-,\,/,€) is the dual frame M+ of an underlying perfect 
distributive residuated lattice with binary relations on completely join irre- 
ducible elements. We define these relations as aRpb K(a) < «(b) and 
aRoboa< Ob ?. 


Theorem 3.11 
(i) Let F be a modal ternary Kripke frame, then F © (F+)4. 
(ii) Let M be a perfect DRMA, then M = (M4). 


Theorem 3.12 Let £ be a canonical substructural distributive modal logic, 
then L is Kripke complete (and Lx as well). 
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Abstract 


In this extended abstract we compute some rather involved frame conditions w.r.t. 
Generalised Veltman Semantics for principles of interpretability logic. All proofs have 
been formalised in Agda and we briefly comment on this formalisation. 
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1 Preliminaries 


Interpretability logics aim to capture the provably structural behavior of for- 
malised interpretability in the same sense as provability logics do for formalised 
provability. While any reasonable theory has the same provability logic this is 
not the case for interpretability, and reasonable finitely axiomatised theories 
have a different interpretability logic than theories with full induction. A major 
open problem in the field is to characterise the core logic, denoted IL(All), that 
generates the modal logical principles that hold in any reasonable theory. 

This paper studies generalised frame conditions for two recently published 
([2]) series of principles in TIL(All). We work with Generalised Veltman seman- 
tics (GVS) as introduced by Verbrugge in [8] and defined below, since they allow 
for a more uniform treatment than regular Veltman semantics (see [6]). For 
1 janmasrovira@gmail.com, supported under grant number RTC-2017-6740-7. We thank the 
three anonymous referees for substantially improving the paper. 
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UIP-05-2017-9219 and IP-01-2018-7459. 
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example, for various interpretability logics we have completeness with respect 
to generalised* but not with respect to regular Veltman semantics. 

Formulas ¥ of interpretability logic are defined by F := Var | 1 | F > F | 
F | FF where Var is a countable set of propositional variables. Our reading 
convention stipulates the following binding from strong to weak: {7,0}, {A, V}, 
, >. The 0 modality models formal provability with some base theory T and 
Ab B will stand for “T together with (the interpretation of) A interprets T 
together (the interpretation of) B”. We refer the interested reader to e.g. [3]. 
We now give the definition of GVS which is similar to regular semantics but now 
using sets of worlds to model the binary >-modality rather than just worlds. 
In this sense, GVS is reminiscent to neighbourhood semantics. 


Definition 1.1 A generalised Veltman frame is a triple F = (W, R, S') where 
the set of worlds W is nonempty, RC W? and S C W x W x (P(W) \ {2}). 
We write wRu instead of (w,u) € Rand uS,,Y instead of (w,u,Y) € S. The 
structure must satisfy the following conditions : 

(i) R is transitive and conversely well-founded; 

(ii) if uS.,Y then wRu and for all y € Y we have why; 
(iii) if wRu then uS,,{u}; and if wRu and uRv then uS,{v}; 

) 


(iv) if uS.¥ and ySwZy for all y € Y, then uSw (Uyey 2): 


Frames extend to models by endowing them with a valuation on the set of 
propositional variables Var. 


Definition 1.2 A generalised Veltman model is a pair M = (F,V) with a 
generalised Veltman frame F and a valuation V C W x Var. Given a model M, 
we define a forcing relation IFC W x Fm for all formulas extending provabilty 
forcing. 
Thus, =(w IF L); w IF A > B iff w IF B or 7(w IF A); w IF OA iff 

Vu(wRu = ulF A). Finally, we stipulate 

w lt Ab B iff: if wRu and u IF A then there exists Y such that Y lk B 

and uS,,Y. When we write Y lk B we mean that for all y € Y we have 

ylF B. 


If F' is a generalised Veltman frame and A a formula, we write F lk A to 
denote that for every valuation we have (F,V) It A. For a given interpretability 
principle (a scheme of formulas) X we will denote by (X)gen a first or higher 
order formula so that for a frame F’ we have F |r X for all instances of X iff F 
as a first or higher order structure validates (X)gen. 


2 Frame conditions 


The principle R: A> B > =(Ab7C)b BAUC was proven to be in IL(All) in 
[1] and [2] extends this to two new series: the so-called narrow and broad 


4 Most notably the logic ILR as defined below is complete w.r.t. GVS. However, completenes 
w.r.t. regular semantics is still open and seems hard. Since ILR is the base case of the two 
series that we consider in this paper, we suspect that GVS is more likely to be useful for said 
series. 
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series. Apart from being in IL(AIl), not much more is currently known about 
the series and this paper constitutes some first progress. 


2.1 The narrow series 


This series has a more complex frame condition and we only comment on the 
first new principle in it, Ry: AbD B- (AA -C)A (DEP OE)) > (BA 
CA (De E)). To state the frame condition we define for E a set that 
ROUNE) = {2 : dy € E.zRy}, and R71 [E) = R[E}n Riz]. 

The (Ri)gen condition reads as follows: 


Vw, 2r,u, B,C, :(wrekusy B,C € C(a, u) 


(4B C B) («Sw ’ RIB CC, (vv € B')(We EC) 


(vRcS,R;, ‘[E] > (SE’ C E)cS, )). 
Theorem 2.1 FF (Ri)gen <> F lk Ry. 


Proof. 
< | We will only include one direction leaving the other as an exer- 


cise. Assume for a contradiction that F' ¥ (Ri)gen. It follows that there exist 
w,x,u, B,C,E such that wRaRuS,B, C € C(x, u) and: 
(VB’ C B)(2S,,B’, R[B’] CC 

=> (du € B’)(ac € C)(AZ C RZ" [E].vRcS,Z, VE’ C E.c$,E’)). 


Let V be a family of sets, V:= {U:U CB,28S.,U, R[U] C C}. 
From the condition it follows that for every U € V the following is valid: 


(duu E U)(Acy E C)(AZy S Rz'| (vu Rev SeZu, (Vv a ¢ YcuB vy a)). 


Let us fix such vy and cy and Zy for all U € VY. 

Define a valuation such that the following applies: [a] = {u}, [b] = B 
[c] = C, [d] = {cu :U € V}, [e] =E. Note that for any formula A we define 
[A] := {w: wl A}. 

By assumption we have w Ik ab>b > (=(ab-c)A(d>Oe)) > (bAUcA (db e)). 

It is easy to see that w lk a> b and x lk =(a > 70). 

Let us prove x lk d> Oe. Let eRclt D. Then c = cy for some U € Y. From 
the definition of cy we have cy $,Zy, a forcing is defined such that e is true 
exactly on the set E. Hence Rz1{E] Ik Oe and since Zy C Rz'[E] it follows 
that «IF d> Ge. 

We can also check that for U € V we have U lk b A Uc and the following 
condition holds for any set U: 


(*) cSy,U,U Ik bADc SUEY. 


Since w [+ a> b and wRz lk =(ab 7c) A (db Ce) there must exist some 
set U such that x5,,U Ik b\ OcA (db e). From (x) it follows that that U € V; 
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hence there exist vy,cu,Zy such that Zy C Rz'{E] and vy Rey $,Zy, (VE’ C 
‘)cu$y,,E’. Since cy |r d there must exist some Y such that cySy,,Y |r e, 
however, by the definition of the valuation it follows that Y C E and thus 
cu$v,Y, which is a contradiction. 


2.2 The broad series 


In order to define the R" principles we first define a series of auxiliary formulas 
U; via Up == O7(Do & AC) and U;41 = O((D; > D,+41) AU,). Next, we define 


R°:= Ap B>-(Ap-7AC)p BAC; 
R"t! = Ap B> ((D, bP A)AUn) > BAOC. 


For n = 1 we have R' = Ab B- (©7-(Db -=C) A (Db A)) & (BA CC) and the 
(R*)gen condition reads as follows? : 


Vw,z,y,z,A,B,C,D. 
wReRyRz, 
(Vu.wRu,u € A > AV.uS,V,V CB), 
(Vu.cRu,u € D => AV.uS,V,V C A), 
(VWV.zSyV > dv Ee VveEC), 

zée€D 

AV C B(rS,V, RIV] CC). 


We have generalised the previous condition to work for any n. The proof 
is formalised in Agda and can be found in [4,5]. We proceed by stating the 
theorem. 


Theorem 2.2 FF (R")gen <=> FIFR”. 


3 Agda formalisation 


The proofs presented in this paper have been formalised in the Agda ((7]). 
Agda is a dependently typed language based on an extension of Per Martin- 
L6f’s intuitionistic type theory. Dependent types allow the user to express 
mathematical properties with types and prove them by providing a term which 
inhabits such type. Its development mostly takes place at the Chalmers Uni- 
versity of Technology. 

The presented advances in this paper are part of a broader project ([5}) 
that aims at establishing a modern and state-of-the-art Agda library for inter- 
pretability logics, with a focus on generalised Veltman Semantics. To the best 
of our knowledge our work is the first attempt at formalising interpretability 
logics in Agda or any other proof assistant. By the time of this submission the 
library had around 4000 lines of code and includes, but is not limited to, the 
following features: 


5 We note that the definition of a scheme being frame valid is second order. As such, a 
methodological question urges itself (see [5]) in the realm of neighborhood semantics and 
generalised Veltman semantics: what constitutes a natural frame-condition? 
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Generalised Veltman Semantics in Agda 


Formalisation of ordinary semantics, generalised semantics and a plethora 
of useful lemmas to work on such semantics. 

Due to the many possible quasi-transitivity principles available for gen- 
eralised semantics ([4]) we have defined generalised frames to be param- 
eterized by such condition. All known quasi-transitivity conditions are 
included in the library and all theorems that do not directly depend on 
them can be instantiated to work for any quasi-transitivity condition. It 
also includes a thorough analysis of the interrelations between the alluded 
conditions. 

We have included proofs for a number of frame conditions. Both for or- 
dinary and generalised semantics. These include M, Po, R, Mo for both 
semantics and R", R; for generalised semantics. 

The library is not limited to semantics and it includes a definition of 
the logic IL. It also includes an embedded domain specific language to 
write Hilbert style proofs in a paper-like format. We plan on including 
derivations of some of the most well known theorems of interpretability 
logics. 


We humbly believe that our library, although under progress is a display of 
the potential and elegance of Agda. In [5] one can find the full details of the 
presented theorems in this paper in conjunction with an extensive explanation 
of the mentioned library. The code is freely available at 


https://gitlab.com/janmasrovira/interpretability-logics. 
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We develop Kamp-style results for the asynchronous and synchronous variants of 
linear temporal logic under team semantics. We define a simple translation from 
the asynchronous semantics to first-order logic under team semantics that uses the 
flatness of both logics, a property which is lost in some extensions of the logics. We 
develop the translation further to accommodate for logics that lack flatness, wherein 
we translate to dependence logic with the classical negation. Finally we formulate 
the translation from the synchronous semantic to dependence logic with classical 
negation. 
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1 Introduction 


Linear temporal logic (LTL) is a simple logic for formalising concepts of time. 
It has become important in theoretical computer science, where Amir Pnueli 
connected it to system verification in 1977, and within that context the logic 
has been studied extensively [6]. With regards to expressive power, a classic 
result by Hans Kamp from 1968 shows that LTL is expressively equivalent to 
FO?(<) [4,7]. 

LTL has found applications in the field of formal verification, where it is 
used to check whether a system fulfils its specifications. However, the logic 
cannot capture all of the interesting specifications a system may have, since it 
cannot express dependencies between its executions, known as traces. These 
properties, coined hyperproperties by Clarkson and Schneider in 2010, include 
properties important for cybersecurity such as noninterference and secure in- 
formation flow [2]. Due to this background, extensions of LTL have recently 
been the focus of research. 

HyperLTL is one of the most extensively studied of these extensions [1]. Its 
formulas are interpreted over sets of traces and the syntax extends LTL with 
quantification on traces. Among the many results for the logic, there are many 
expressivity results, that relate it to fragments of first, and even second order 
logic. In particular there is a translation from HyperLTL to FO(<,E), where 
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E is an equal level predicate [3]. Here the sets of traces T are coded as T x N 
for the domains of the first-order models. 

On the other hand, there are alternative approaches to extending LTL to 
catch hyperproperties. Team semantics is a framework in which one moves 
on from considering truth through single assignments to regarding teams of 
assignments as the linchpin for the satisfaction of a formula. Clearly, this 
framework, when applied to LTL, provides an approach on the hyperproperties. 
Krebs et al in 2018 introduced two semantics for LTL under team semantics: 
the synchronous semantics and the asynchronous variant that differ on the 
interpretation of the temporal operators [5]. The same paper showed a variety 
of complexity and expressivity results for the two semantics, as well as that 
the asynchronous semantic has the flatness property, while the synchronous 
one does not. This article will follow the semantic definitions of that previous 
work. 

In this article several translations between fragments of TeamLTL and FO 
under team semantics are introduced. Firstly, we define a translation from 
the asynchronous semantics to FO? under team semantics, which relies on the 
flatness of both logics. Next we develop this translation further, in order to 
accommodate for extensions of asynchronous TeamLTL which lack flatness, and 
we translate them to FO?(=(...),~). We further evolve the previous trans- 
lation to apply to the synchronous semantics, which in turn we translate to 


FOE Cag 
Preliminaries 


Definition 1.1 [Traces] Let ® be a set of atomic propositions. A trace 7 over ® 
is an infinite sequence 7 € (2°). We denote a trace as 7 = (7(i))%o, and given 
j = 0 we denote the suffix of 7 starting at the jth element 7[j, 00) := (m(7))?°;. 


Definition 1.2 [Linear Temporal Logic] Formulas of LTL are defined by the 
grammar 

g:=Pl-plerAvlyeve|xXe| Fe| Ge | eUy | eRy, 
where p € ®. 


Definition 1.3 [Classical Semantics for LTL] Given a trace 7, proposition p € 
®, and LTL formulas y and w, the semantics of linear temporal logic are as 
follows. 


TE Fe @& dk >0:a[k,owo) Ey 

E Gy 8 Vk >0:a[k,~o) Ee 

TE gpUw © dk > 0: a[k,oo) Ew and 
Vii <k:nlk’,ol Ey 

TE pRy & Vk > 0: a[k, oo) Ew or 
dk’ <k:2[k’,oo) Ey 


TE pS pe z(0) 
7 ap  p ¢ x(0) 

mE pAUYUSnreEyandrtEYy 
T 

T 


) 


EypVoesereEvyornmEw 
E Xy &al[l,oo) Ey 


A team of TeamLTL is a set of traces. We denote T[i,oo) := {t[i,coo) | t € 
T}. The upcoming definitions are following Krebs et al [5]. 
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Definition 1.4 [Team Semantics for LTL] Suppose T is a team, p € ® is 

a proposition, and y and w are TeamLTL formulae. Then the semantics of 

TeamLTL are defined by the following. 

TEG%p &Va € T and 

Vix > O{t[kr,co) |r ET} EY 

TE gpU'd © Fk > 0: Tk, 0) 

and Vk’ <k: T{k’,oo) Ey 

TK pU'Y SVn €T Ak, > 0: 

{a|kr,co)|7 ET} — yw and 

Vk < ka: {a[ki,co)|mET} Ey 

TE ypRv SVk>0: 

71b,00) ator ak <a: 

T{k',00) Fy 

TE pR*b o&Vr eT Vk, > 0: 

{alk,,co) |7 ET}E YW or 

Akl < ka: {n[k,,oo)| re TI Ey 
We denote the asynchronous and the synchronous fragments by TeamLTL? 

and TeamLTL>, respectively. 


Definition 1.5 [FO under team semantics and FO(=(...),~)] Formulae of FO 
are defined by the grammar 


Epspeén7(0) for all z € T 
E ap =p ¢7(0) for alla eT 
EpAusTEvyandTEwW 
pV es ST, Ty CTs 

T, UT; =T and 

T, —& y and To 
TEXyeT{l,oo 
TE F*ysdk> 
T|k,co) Ep 
TE F*%g @Vr eT dk, > 0: 
{n[ke,00) [TET EY 
TEGysvVk>0:T{k,~«o) Ey 


l 
a 


ioe eas Bis gi 


v 


Na 


~ 


So 


g:=x=y| R(x,...,%n) |e =y|7R(21,.-.,2~) | PAP| PVE | Are | Very, 


where x, y and 2,...,%, are variables, and RF is a relation symbol of arity 
n. Formulas of FO(=(...),~) extend the grammar by the dependence atom 
=(91,...,%n,y) and the Boolean negation ~ y. 


In the following we use the notation T|F'/2] = {t|F(t)/z] | t ¢ T}, where T 
isa team, F: T > P(M)\Q@ is a supplementation function and z is a variable. 
Similarly we notate duplication through T|M/z] = {t[m/z] | for allm € M,t € 
Th. 

Definition 1.6 [Team Semantics for FO] Suppose M is a first-order model 
with domain M, and let S' be a team of M. Suppose n > 1, and y and w are 
FO formulae. Then the team semantics of FO are defined by the following. 


MEs pAYVSM Es ¢ and 
MEs t=y SVs € S,s(x) = s(y) Mkés w 
M Kg R(a1,.--,2n) @ V8 €S, Mks eV 8S JS1,52 C8 
(s(21),...,8(an)) € R™“ such that S; U Sy = S and 
M Es 74 =y SVs € S,s(x)  s(y) M Ks, py and M Es, w 
M Ks 7R(m1,---,2n) @ V8 ES, M Ks Ary & AF: S—> P(M)\0 
(s(1),...,8(2n)) ¢ R™ such that M Fg (r/2] 9 
Ms Vrp @ M Fgm/a] ¢ 
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The semantics of FO(=(...),~) extend the previous with the following. 


M Es =(41,---;%n,y) & V51, 82 € S, if 51(v;) = 52(x;) for alli € {1,...,n}, 
then s1(y) = sa(y) 


We say that FO under team semantics has the flatness property, since for 
all formulae y of FO, models M and teams T it holds that M Er if and 
only if M Fy; for all ¢ € T. Similarly for all formulae y of TeamLTL and 
teams T, T — » if and only if {7} — y for all we T. 


A Translation of Asynchronous LTL to FO 


Suppose T' = {7; | 7 € J} is a team of traces. Define Mr to be the following 
structure of vocabulary {<}U {P; | p; € ®} where 


Dom(Mr) =T x N 
<“T= {((mi,n), (mj,m)) |i = 7 and n < m} 
PM? = {(g,5) | pi € TRS)}- 


In addition we define a team Sp = {s; | s;(@) = (7,0), for alla; € T}. We 
notate pO WU :=7ypV (~pAY). 

Next we define inductively the translations ST,,, where w € {x,y,z}, from 
TeamLTL? to FO? under team semantics as follows: 


ST, (pi) = P;(2) STz(G%y) =Vy(« < y > ST,(y)) 
ST; (-p;) = ~Pi(z) ST,(F%p) = dy(x < yA ST, (~)) 
STx(py A) = ST (yp) A STx(y) ST, (pU*Y) = Jy(@ Sy A STy(pyA 
ST,(y V %) = ST, (y) V ST, (w) Va((x <zANz<y) > ST,(¢))) 
ST,(Xy) =Ay(z<yASTy(y)A ST, (PR) = Vy(z < y @ (ST, (¥)V 
Vern(u<zAz<y)) dz(a<zAz<yAST.(y)))). 


Proposition 1.7 For all TeamLTL? formulae », TE ey @ Mr Es, ST;(y). 


This proposition follows from the fact that both logics are flat, and in fact, 
by the same argument, any translation from LTL to FO is also a translation for 
the asynchronous semantic. 


Translations in the Absence of Flatness 


The previous translation makes use of the fact that both TeamLTL? and FO 
have the flatness property. However, flatness does not hold for TeamLTL® or 
extensions of TeamLTL?. Thus the translation needs to be modified to accom- 
modate for these cases. To that end let Myr and Sr be as previously. We 
define a translation of TeamLTL? formulas to FO3(=(...),~) as follows: 

The translation is analogous to the previous translation for the atomic 
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propositions, A, V, and X. 


ST; (Ub) = dy(@ < yA =(2,y) AST; (W)A 
wdzg(a<zAz<yA=(a,2z)A ~ STi (¢))) 
ST; (eR°p) =~ Ay(a@ sy A=(@,y)A 
~ ST) (wb) Asdz(a < zAz<yA=(z,z)A 
~ STZ ())): 


F%y) = dy(x < yA 
r,y) A STF (~)) 
ST? (G%y) =~ Ay(x < yA 


Theorem 1.8 For all TeamLTL? formulae y there exists a FO3(=(...),~) for- 
mula ST*(p), such thatT Fp & Mr Es, ST2(y). 


This result can now easily be expanded to extensions of TeamLTL? which 
do not have the flatness property, by providing a translation for the extending 
atoms or operators. For instance, the dependence atom satisfies the equivalence 
=(p,q) = (pA (¢@ 79g) V (=p A (¢ @ 7q), which uses the Boolean disjunction 
© that can be expressed in FO(=(...),~). Thus by using this equivalence we 
can translate any formula of TeamLTL?(=(...)) to FO?(=(...),~) using the 
previous translation. 


Corollary 1.9 For all TeamLTL?(=(...)) formulae y, T - Mr Fs, 
ST? (¢). 


Translation for Synchronous TeamLTL 


The synchronous team semantics for LTL does not have the flatness property 
[5]. Armed with the previous translation, we need to capture the equal level 
teams on the first-order side. This can be done as for HyperLTL, by introducing 
an equal level predicate E [3]. 

Let Mr and Sr be as above, with the addition of the equal level predi- 
cate E together with its negation, both defined in the usual way by ET = 
{((mi,k),(7;,%)) | ig € Jandk € N}. Next we define a translation from 
TeamLTL’ to FO*(=(...),~) as follows: The translation is analogous to the 
previous translations for the atomic propositions, A, V, and X. 


ST; (Fp) = dy(=(y) A az(By, 2) Aa S 2A STZ (¢))) 


The remaining operators are translated in a similar way to the future operator, 
while using the pattern established in the previous translations. 


Theorem 1.10 For all TeamLTL’ formulae y there exists a FO*(=(...),~) 
formula ST*(y), such that T Ep @& Mr Es, STz(y). 


The translations presented in this article fill in parts of the web of expression 
of TeamLTL. In future research the translations can be used to further study 
the expressivity and complexity of TeamLTL and its extensions, for instance 
the precise fragments of the first-order logics that correspond to the temporal 
team logics remains to be determined. The connections between the fragments 
of FO under team semantics and HyperFO implied by the similarity of the two 
constructions also provide questions for further research. 
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Abstract 


This paper establishes the subformula property and the Craig interpolation theorem 
for sequent calculi of the tense expansions of modal logics K, KT, KD, K4, K4D, 
and S4. Our sequent calculi are based on the ordinary notion of (non-labelled) 
sequent. We prove the subformula property of all the calculi by Takano’s semantic 
argument and apply Maehara method to get the Craig interpolation theorem. 


Keywords: Analytic Cut, Craig Interpolation, Subformula Property, Sequent 
Calculus, Tense Logic 


1 Introduction and Motivation 


If we focus on the modal cube, i.e., the fifteen distinct modal logics generated 
from modal axioms D, T, B, 4 and 5, all the modal logics have the corre- 
sponding sequent calculi and the calculi enjoy the subformula property [5,7], 
though we need to extend the notion of subformula for modal logics K5 and 
K5D [6]. While it is well-known that some sequent calculi for the fifteen modal 
logics (say, for $5) do not enjoy the cut-elimination theorem, Takano proposed 
that the subformula property can be regarded as a substitute of cut-elimination 
for modal logics. A key ingredient of this claim is that all applications of the 
cut rule can be replaced with analytic applications of the cut rule, i.e., appli- 
cations where the cut formula is a subformula in a formula of the conclusion 
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of the cut rule. Recently, Kowalski and Ono [1] extended this perspective to 
bi-intuitionistic logic to get the Craig interpolation theorem. 

This paper extends Takano’s claim also to tense expansions of modal logics. 
In particular, we provide sequent calculi of the tense expansions of modal logics 
K, KT, KD, K4, K4D and S4, and then establish (semantically) that all the 
calculi enjoy the subformula property (with the help of an analytic cut rule). 
As a corollary of the subformula property, we establish the Craig interpolation 
theorem by Maehara method via the ordinary notion of sequent. This contrasts 
with the recent result [2, Corollary 16] of the Craig interpolation theorem for 
tense logics in terms of the notion of nested (or labelled) sequent. 


2 Sequent Calculi for Tense Logics 


Let Prop be a countable set of propositional variables. Our syntax £ for tense 
logic consists of Prop and all logical connectives of classical logic, i.e., a constant 
symbol L, negation —, disjunction V, conjunction A, implication >, as well as 
two modal operators {¢,0}, where O is the future necessity operator and 
@ is the past possibility operator. The set of all formulas in L is defined 
in a standard way. Given any formula y, we define Sub(y) as the set of all 
subformulas of y. Moreover, for any set (or multiset) [ of formulas, we define 
Sub(l’) = User Sub(y). We say that a set (or multiset) [is subformula closed 
if Sub(y) CT for all formulas y € T. 

Given a Kripke frame (W, R) (where W is a non-empty set and R is a binary 
relation on W), we follow the standard definitions for frame properties of R 
such as reflexivity, transitivity, and seriality. A Kripke model M = (W,R,V) 
consists of a Kripke frame (W, R) and a valuation V : Prop > 9(W). Given 
a model M = (W,R,V) and a state w € W, a satisfaction relation M,w — » 
(read “vy is true at w of MM”) is defined inductively as usual, in particular, 


M,w — Oy iff for every v, wRv implies M,v F 9, 
M,wtE 4¢ iff for some v, vRw and M,v FE vy. 


We say that a formula y is valid on a class M of Kripke models if, for every 
Kripke model M in M, M,w - y holds for all states w in M. 


Table 1 
Sequent Rules for Tense Operators 
eO,UlSp¢ yp=> 4,00 40,U0=> 
6,01 > oy a ) 40565,0 (@) 6,ols (Op) 
y,Trs>A T>A,¢ 
y,T>A ( ) TSA, Le ®) 
42,40, OF, I ae ) p> h,¢d, 00, sg ) 4,40, OF, I (Gap) 
¢2,6,0ns09 “) 4osex,ona 40, 6,01 ap 


=) 


yoonsog °9 ypsenae | 


In what follows, we use T, A, etc. to denote finite multisets of formulas. A 
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sequent is a pair of finite multisets and it is denoted by [ = A, where [ and 
A are called an antecedent and a succedent, respectively. We read T => A as 
“if all formulas in I hold, then some formulas in A holds”. Let LK be a set 
of initial sequents (p => y and L =), structural rules (right and left rules for 
contraction and weakening), propositional rules (right and left rules for =, A, 
V, and -) and the rule of cut: 


T=A,yo ¢,Usk 
Tas A,» ty: 


Definition 2.1 Let A € {K,KD,KT,K4,K4D,S4}. A sequent calculus 
G(A;) is defined in terms of rules given in Table 1 as follows: 


* G(Kt) consists of LK, (CG) and (@). (cf. [3]) 
¢ G(KD;) is the expansion of G(K:) with (Op). 
G(KT+) is the expansion of G(Kt) with ( ) and (= @). 
* G(K4t) consists of LK, (G4) and (4). (cf. [3]) 
G( 
G( 


K4D,) is the expansion of G(K4,) with (Gap). 
S4,) consists of LK, ( )ie( ), (> @) and (¢ =). 


For each sequent calculi in Definition 2.1, we define the notions of proof and 
provable sequent as usual. The reader may wonder if (Cut) is admissible in all 
the calculi in Definition 2.1. However, this is not the case. Let us focus on 
G(K;) here. A sequent p, @O-p => is provable in the calculus with the help of 
(Cut), but the application of (Cut) is indispensable for the purpose: 


4 O-p oe pep 
Pp, @ Op ; 


where (+=) is the left rule for negation (this kind of phenomena is well-known 
for a sequent calculus of modal logic $5, see, e.g., [4, p.222]). It is remarked 
in the above proof that the cut formula 7p is a subformula of the conclusion 
of (Cut) and moreover O-p is also a subformula of the conclusion of the rule 
(@). Therefore, all the applications of the inference rules in the proof above are 
analytic, i.e., they satisfy the subformula property. This motivates us to define 
the following analytic variants to the calculi of Definition 2.1. 


Definition 2.2 When A € {K, KD, KT, K4, K4D, $4}, G*(A,) is the same 
system as G(At) except we replace (Cut) by the following analytic cut rule: 


PSAje oil as . 
TM=>A,> (Cut)* where y € Sub(I, IT, A, ©) . 


and we also replace tense logical rules with analytic variants (with superscript 
“a” ) requiring the following side conditions: 


100 Subformula Property and Craig Interpolation Theorem of Sequent Calculi for Tense Logics 


* (G)*: 0 C Sub(II, vy). * (Ga)*: $0 C Sub(@, IT, v). 
* (@)°: OO C Sub(y, &). * (@4)°: GO C Sub(y, 4, OQ). 
* (Gp)*: ¢© C Sub(II). * (Gap)*: $0 C Sub(¢Q, I). 


A sequent T = A is valid in a Kripke model M if AT > \ A is valid in 
M, where AT and \/ A are the conjunction and disjunction of all formulas in 
I and A, respectively. Given any A € {K, KD, KT, K4, K4D, S4}, the class 
Min is the class of all finite Kripke models whose binary relation R satisfies 
the corresponding frame properties to A. 


Proposition 2.3 (Soundness) Let A € {K,KD,KT,K4,K4D,S4}. Ifa 
sequent [ = A is provable in G(Az), then it is valid on all models in Man, 


3 Subformula Property 


Let A € {K, KD, KT, K4, K4D, $4}. This section establishes that a fully an- 
alytic calculus G*(At) enjoys the subformula property by showing that G*(A¢) 
is semantically complete for the intended class of finite models. In what follows 
in this section, we fix = as a subformula closed finite set. 


Definition 3.1 We say that a pair (II,=) of finite sets of formulas is a E- 

partial valuation in G*(A¢) if the following three conditions are satisfied: (i) 

II > ¥ is unprovable in G*(A,), (ii) IHU X = Sub(I, X), (iii) Sub(II, &) C &. 
We use the analytic cut rule (Cut)® to get the following lemma. 


Lemma 3.2 Let T => A be unprovable in G*(Ay). For any subformula closed 
set = such that Sub(T, A) C =, there exists a =-partial valuation ((*,A*) in 
G*(Ay) such that T CT+ C Sub(T, A) and A C At C Sub(T, A). 


Definition 3.3 Define MZ = (W=, R§,V®=) by: 
¢ W® := {(II,5)|(U,~) is a =-partial valuation in G*(A) }. 
¢ R& is defined depending on our choice of A as follows: 
- (TP, A)RA(I, ©) iff {b| Oy eT} Cand {y|@peX}CA, 
if Ae {K,KT, KD}; 
- (TP, A) RAIL, ©) iff {Y, OY [OY eT} Cand {y,@Pv|@yeX}CA, 
if Ac {K4,K4D}; 
wel} Cand {@v|@pEDd}CA. 


° ([, A) € V=(p) iff p ET. 
Lemma 3.4 For every (T, A) € W® and every xy €TUA, the following hold: 
(i) x €T implies Mx, (T, A) E x, and (ii) x € A implies Mx, (T, A) F x. 
Lemma 3.5 For every choice of A, the Kripke model MZ belongs to My. 


Theorem 3.6 Let A ¢ {K, KD, KT, K4,K4D,S84}. If a sequent > A is 
valid in the class M'", then it is provable in G*(A¢). 

Definition 3.7 For any A € {K, KD, KT, K4, K4D,S4}, we define G*(A¢) 
as the same system as G(Ay) except that the cut rule (Cut) is replaced by the 
analytic variant (C'ut)® (recall Definition 2.2). 
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We establish the Craig interpolation theorem for G*(A;) in the next section, 


though it is noted that G*(S4,) and G*(S4;) are exactly the same calculi. 


Corollary 3.8 For any sequent T => A, the following are all equivalent: (1) 
T= A is valid in the class Mf", (2) T > A is provable in G*(At), (3) T> A 


is provable in G*(Ay), (4) T > A is provable in G(A¢). 


Proof. The direction from (1) to (2) is due to Theorem 3.6 and the direction 
from (4) to (1) is due to Proposition 2.3. The remaining directions (from (2) 


to (3) and from (3) to (4)) are immediate by definition. 


4 Craig Interpolation Theorem for Tense Logics 


This section establishes the Craig interpolation theorem of G(A,) for all choices 
of Ac {K, KD, KT, K4, K4D, 84} by Maehara’s method. For this purpose, 
it suffices to make use of G*(A;) from Definition 3.7, instead of the fully analytic 
calculus G“(A;). Given any finite multiset A, we use Prop(A) to mean the set 
of all propositional variables in a formula of A. A pair (([1,A1), (T2, A2)) is 
said to be a partition of a sequent T > A if Tf = 1 ,,T2 and A = Aj, Ao and 


we write it as ([; : Aj), (T2: Ag). 


Lemma 4.1 If a sequent T > A is provable in G* (At), then every partition 
(T, : Ai), (L2: Az) of f > A has an interpolant, i.e., there exists a formula 
6 such that sequents Ty = A,,@ and 6,02 = Ags are provable in G* (Ay), and 


Prop(@) © Prop(T1, A1) M Prop(L2, Ag). 


Proof. By induction on a proof of T = A in G*(At). When the last applied 


tule is (Cut)“, we can apply the same argument as given in [4, pp.245-246]. 


By Corollary 3.8 and Lemma 4.1, the following holds (cf. [2, Corollary 16]). 


Theorem 4.2 Let Ac {K,KD,KT,K4,K4D,S4}. If a sequent > yp > 
is provable in G(At¢) then there exists a formula 6 such that both sequents > 
p86 and > 6 > w are provable in G(At), and Prop(@) C Prop(y) M Prop(w). 
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Abstract 


We formulate a weak completeness argument for Propositional Dynamic Logic that 
does not rely on the presence of Boolean negation in the language and does not involve 
a construction of a finite model. As a result, the argument is applicable to a wide 
range of propositional dynamic logics extending bounded distributive lattice logic, 
including superintuitionistic and relevant dynamic logics. 


Keywords: Completeness, superintuitionistic modal logic, propositional dynamic 
logic, relevant modal logic, substructural logics. 


1 Introduction 


It is well-known that, due to non-compactness caused by features of the Kleene 
star operator on programs, the standard canonical model technique is not ap- 
plicable in weak completeness proofs for Propositional Dynamic Logic. Instead, 
known weak completeness proofs [5,3,8,2,1] proceed using a filtration-like con- 
struction of a finite counter-model model for each non-theorem. The proof that 
such a structure invalidates the non-theorem at hand is relying on the fact that 
sets of states in the model can be characterized by formulas; the proof of this 
fact usually relies on the presence of Boolean negation. Hence, the standard 
weak completeness argument unsuitable for generalizations of PDL to logics 
without Boolean negation or the finite model property. Examples include in- 
tuitionistic, paraconsistent or relevant propositional dynamic logics. 

In this paper we formulate a generalization of the standard weak complete- 
ness argument that avoids these limitations. We show that a version of the 
modal part of the Segerberg axiomatization of classical PDL is robust in the 
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sense that it axiomatizes the PDL program constructs on roughly their ex- 
pected semantic interpretation independently of the non-modal propositional 
base, if that base is at least as strong as bounded distributive lattice logic. We 
supplement the general completeness argument with case studies, including in- 
tuitionistic and relevant PDL. The application of our main result to relevant 
PDL apparently yields the first completeness results for PDL based on T_L- 
expansions of some prominent strong relevant logics lacking the finite model 
property, thus being a step towards solving an open problem pointed out by 
Sylvan in the early 1990s; see [9]. The results presented here substantially 
generalize our previous work on the topic [6,7]. 


2 Preliminaries 


Let FMA be a countable set of atomic formulas and £ be any propositional 
language, comprising a set of operators OP; together with an arity function 
r: OP¢ — w; we usually write o” to point out that r(o) = n for o € OP,. 
It is assumed that £ contains at least the binary operators A, V,—, the unary 
operator 7, and constants T, |. Let PRA be a countable set of atomic program 
expressions. Programs and formulas of £ are defined as follows: 


© PRe) UPS pr |.Fo, Pi | fo: |B" [Ag 

© FMc A::=a;|0"(Ao,...,An—1) | [P]A; 
where p; € PRA and a; € FMA. Formulas and programs are jointly referred to 
as expressions of £L, the set of which is denoted as Exc. We write PQ instead 
of P;Q and A © B instead of (A > B)A(B- A). 

A propositional dynamic logic over £ is any subset of FM; that contains 


all instances of the axioms (officially, we take “axioms” of the form A © B to 
represent pairs of axioms A + B,B- A) 


Al A-A A&8 L—A 

A2 ANABOA AQ [P]AA [P]B > [P](AA B) 
A3 AAB>B Al0 T > [P]T 

A4 A> AVB All [PUQ]A © ([PJAA [Q]A) 
A5 Bo AVB Al2 [P;Q]A © [P][Q]A 

A6 AA(BVC) > (AAB)VC Al3 [P*]A—> AA [P][P*]A 
AT A>T Al4 [A?]B © (AAV B) 


and is closed under the rules 


A>~B BoC Av>~C BoC A> [P]JAAB 
RL —__—_ R3 ———_—_ _— prea ale rs ea 
Av-C : AVBOC ae A> ([P*]B 
A>B A+=C A-~B 
Ne SAS BAC R4 yA > [PIB 


Definition 2.1 An abstract dynamic model for £ is MN = (K,<,O,5,I) such 
that K 40, < is a partial order on K, O C K such that x € O and x < y only 
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if y € O, & is an arbitrary set of relations and I: Exc + K x K such that 
(Id(X) = {(e,2) |x €X}) 
( A) C Id(K) for all A€ FM 
xz,x) € I(A) and x < y only if (y, y) € I(A); 
T) = Id(K) and I(1) = 9; 
AA B)=I1(A)NI1(B) and I(AV B) = I(A) UI(B); 
[P]A) = {(a, x) | Vy((z,y) € L(P) => (y,y) € I(A))}: 
x,y) € I(p;) and z < & only if (z, y) € I(p;); 
PUQ) =I(P)UI(Q); 
PQ) = I(P) 0 1(Q); 
P*)=(< UI(P))" = Unew(S UIP)”: 
(x) 1(A?) ={(z,y)|a<y & (yy) € I(A)}. 


We write x Fon A if (a,x) € I(A) in MN and «Py if (x,y) € I(P). Formula A 
is valid in model IN iff Id(O) C I(A). 


— 


i 


ee, Me en ee TO 


SON 


Note that items (iii-iv) are compatible with the “hereditarity condition” (ii) 
and items (vi-x) ensure that (v) is compatible with (ii) as well. The relations 
in } (the “signature” of 9) are typically used to specify the interpretation of 
propositional connectives other than T,1,/A and V, including > and 7. The 
precise way how this is done will not matter to us; we do not assume any 
specific properties of +, other than hereditarity (ii). 


Definition 2.2 An abstract dynamic model for L£ satisfies the implication 
property if (i) (A) C I(B) and (ii) Id(O) C I(A > B) are equivalent for 
all A,B € FM. 


Lemma 2.3 [ft for £L satisfies the implication property, then all L-formulas 
of the form A1-14 are valid in IN and the set of L-formulas valid in MN is closed 
under R1-5. 


3 The main observation 


Our main observation is that, for each A ¢ L, a structure obtained by combining 
the canonical model construction and the filtration of the canonical model 
invalidates A, if the structure satisfies a “readiness” condition that pertains to 
the behaviour of non-modal formulas. This observation can be used to obtain 
weak completeness proofs for a wide range of PDLs based on extensions of 
distributive lattice logic. 


Definition 3.1 Let a be a set of £-formulas. The closure of a is the smallest 
set a’ D a that is closed under subformulas and (i) T, L € a’; (ii) if [P]A € a’, 
then [P]T € a’; (iii) if [P;Q]A € a’, then [P][Q]A € a’; (iv) if [PUQ]A € a’, 
then [P]A € a’ and [Q]A € a’; (v) if [P*]A € a’, then [P][P*]A € a’; (vi) if 
[A?|B € a’, then =A € a’. A set a is closed iff a is the closure of a. 
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Let ® be an arbitrary set of formulas. A formula A occurs in ® if AE ®:a 
program P occurs in © if there is [P]A that occurs in ®. 


Definition 3.2 Let ® be a finite closed set. A canonical L-model for ® is any 
abstract dynamic model IN? = (K,<,O,,J) where 


(i) K is the set of all prime L-theories and < is set inclusion; 

(ii) O={a|L Ca}; 

(iii) I(a) = {(a, a) | a € a} for a € FMAN © and J(a) = 0 for a € FMA \ ®; 
me 


a 
(iv) I(p) = {(a, 6) | V[p]JA € ®([p]|A € a = Ae B)} for p that occurs in ® 
and I(p) = 9 if p does not occur in ®. 


Let C(MP) = {A € FMe | Va Ee MP(ae A = > AE a)}. We write C 
instead of C(I?) if the parameter is clear from the context. Note that T, 1 € C 
and AAB, AVB €C for all AAB, AVB € © such that A, B € C by definition of 
prime theory. Our main observation is that, in fact, ® C C, if the propositional 
part of 6 “behaves as it should”, in the sense of the following definition. 


Definition 3.3 MN? is ready iff 
(i) FMAN ® CC; and 
(ii) if B= o0"(Ao,..., An—1) € ® and A; € C for alli <n, then BEC. 
For any X C K, we define 
° Fx :=V{A(an®) | ae X}, where \0:= 7, V0:= 1, and Fy := Fray; 
¢ and, for any P € PRg, let [P|X := {a | VB((a, 6) €e 1(P) = Be X)}. 


The following key theorem is a generalizes a result in [4]. 


Theorem 3.4 Take any ready M? for any propositional dynamic logic L and 
any finite closed ®. The following hold for all E € Exg occurring in ®: 


(i) IfE€FMe, thenak E iff E €a, for alla € K; 
(ii) If E € PRg, then [E]A € a and ak@ only if A € 6 for all [E]A € ©; 
(iii) If E € PR, then X C [E|Y only iftL Fy > [E]Fy, for all X,Y CK. 


The proof is by induction on the complexity of E; the complexity measure 
uses an elaboration of the “subexpression” relation. We omit the details. 

It follows from Theorem 3.4 that if A ¢ L and 2M is a ready canonical 
L-model for some finite closed set ® containing A, then A is not valid in 9. 


Theorem 3.5 For all p.d.l. L and all classes M of abstract dynamic models, if 
A ¢L implies that there is a ready canonical L-model for some finite closed set 
® containing A and this canonical L-model is in M, then L is weakly complete 
with respect to M. 


The presence of L, T is convenient and, so it seems, also necessary for our 
proof of Theorem 3.4 to go through. In particular, 1,7 facilitate a general 
definition of Fy applicable to all X C K (note that aN ® 4 @ for alae K 
and F'x is defined even if X = @), and they avoid the problematic case {B | 
[p]B € aN &} = O in the proof of the base case of claim (iii) of Theorem 3.4. 
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4 Special cases 


In order to show that a given propositional dynamic logic L is sound and weakly 
complete with respect to some class of abstract dynamic models M using The- 
orem 3.5, it is sufficient to show that L is sound with respect to M and that 
for all A ¢ L there is a ready M? for A € © such that MP € M. Readiness 
and IN? € M can usually be established using well-known facts about prime 
Lo-theories, where Lo is the non-modal fragment of L; soundness follows from 
Lemma 2.3 and properties of non-modal prime theories. Specific L to which 
this sort of argument applies include classical PDL, a version of intuitionistic 
PDL, a wide range of canonical superintuitionistic PDLs, and canonical rele- 
vant PDLs extending the basic relevant logic B, including PDLs based on the 
prominent relevant logics T, R and E; these logics are known to lack the fi- 
nite model property [10] (in fact, they are undecidable). The latter result is 
a step towards the solution of a problem left open by Sylvan [9]; the reason 
for reservation here is that we are using constants T, | which are problematic 
from the relevantist standpoint (one reason is that they violate the variable 
sharing property; another reason is that some relevantists argue that there is 
no proposition that is true, or one that is false, in all states). Hence, a natural 
open problem is to replicate our argument without using T and L. 
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Abstract 


We consider products and semiproducts of propositional modal logics A with S5 
and present new examples of product and semiproduct logics axiomatized in the 
‘minimal’ way and enjoying the product (or semiproduct) FMP. An essential part of 
the proof is local tabularity of these (semi)products for A of finite depth; it is obtained 
by using bisimulation games. These results readily imply decidability for 1-variable 
fragments of predicate modal logics QA and QA+Barcan formula. We also present 
new counterexamples, i.e. (semi)products not axiomatizable in the simplest way. 


Keywords: modal logic, 1-variable fragment, product of modal logics, bisimulation 
game, finite model property 


1 Introduction 


Semiproducts and products are special types of combined modal logics. Their 
systematic investigation began in the 1990s, notably due to connections with 
other areas of logic, both pure and applied, cf. [2]. Nowadays the field has 
become even more interesting and intriguing; for an overview of some devel- 
opments cf. [6]. In this note we are especially interested in (semi)products 
with S5, due to their interpretation in modal predicate logic translating the 
S5-necessity into the universal quantifier. 

One of the starting points in the study of products was the “product- 
matching” theorem ([2], Theorem 5.9) — the product of two Kripke complete 
Horn axiomatizable logics is axiomatized in the minimal way. A similar re- 
sult for semiproducts (“semiproduct-matching” ) is known for particular cases 
only (ibid., Theorem 9.10). Here we present some new positive examples — 
Horn axiomatizable logics that are semiproduct-matching with S5 and have 
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the product finite model property (FMP). This implies decidability and the 
FMP for corresponding 1-variable modal predicate logics. 

We also present new counterexamples — two infinite families of logics not 
semiproduct-matching with S5. In particular, we show that Horn axiomatiz- 
able complete logics may not be semiproduct-matching. 


2 Preliminaries 


We consider normal monomodal predicate logics, as defined in [4], in a sig- 
nature with predicate letters only. A logic is a set of formulas contain- 
ing standard first-order axioms and the axiom of K and closed under stan- 
dard rules (including predicate substitution). The minimal predicate exten- 
sion of a propositional monomodal logic A is denoted by QA; QAC denotes 
QA+VeO P(x) — OVa P(x) (the Barcan axiom). 

Formulas constructed from a single variable x and monadic predicate letters 
are called {-variable. Formulas in which every subformula of the form OB 
contains at most one parameter are called monodic [2]. 


Lemma 2.1 Every monadic monodic formula with at most one parameter is 
equivalent to a 1-variable formula in QK. 


In turn, every monomodal 1-variable formula A translates into a bimodal 
propositional formula A, with modalities 0 and Wi, if every atom P;(x) is 
replaced with a proposition letter p; and every quantifier Vz with HM. The 
1-variable fragment of a predicate logic L is the set 


D-1:={A, | Ae€L, A is 1-variable}. 


For a modal predicate logic L, we have the following: 
Lemma 2.2 L—1 is a bimodal propositional logic containing K _|S5. 


Definition 2.3 The product of frames Fy = (U;, Ri), Fo = (U2, Re) is 
Fi x Fy = (U1 x U2, Rn, Rv), where 


Rr(u,v) = Ri(u) x {v}, Ro(u,v) = {u} x Ro(v). 


A semiproduct of F, and F) is a subframe (F) x F2)|W where Rp(W) C W. 


Consider a monomodal propositional logic A (in the language with DO) and 
S5 (in the language with Ml). Put 


A |S85:=Ax*S5+O—lp—> HDp, [A,S5]:= A |S5+ Op > OM, 


where « denotes fusion. 


Definition 2.4 The product A x S5 is the logic of the class of all products of 
A-frames with S5-frames. Similarly, the semiproduct A X S5 is the logic of the 
class of all semiproducts of such frames. 


In both cases, instead of arbitary S5-frames one can use single clusters. 


Shehtman, Shkatov 109 


Definition 2.5 The Kripke-completion L of a modal predicate logic L is the 
logic of the class of all predicate Kripke frames validating L. 


Lemma 2.6 (i) A_|S5 C QA—-1C QA-1=AXS5. 
(ii) [A, 85] C QAC—1 C QAC-1=A~x SB. 
Definition 2.7 A and S5 are called semiproduct-matching if A_|S5 = A XS5 
and product-matching if [A,S5] = A x S5. 

A is called quantifier-friendly, if QA—1 = A_|S5, and Barcan-friendly, if 
QAC-1=Ax S5. 

So A is quantifier-friendly (respectively, Barcan-friendly) whenever A and 
S5 are semiproduct-matching (respectively, product-matching). 


Theorem 2.8 (cf. [2], Theorem 5.9). If A is Kripke complete and Horn 
axiomatizable, then A and S5 are product-matching. 


For semiproducts an analogue of this theorem does not hold (see below). 
Let us recall, in a slightly more general form, a number of positive results 
presented in [2], Theorem 9.10.4 


Definition 2.9 A one-way PTC-logic is a modal propositional logic axioma- 
tized by formulas of the form Op — OU" p and variable-free formulas. 


Theorem 2.10 A and 85 are semiproduct-matching for any one-way PTC- 
logic A. 


3 Counterexamples 
Theorem 3.1 (cf. [9/) Let 


T:=K+QO (Gp p), SL4:=K4+ Ope Dp. 


IfOQT CAC SLA, then A and $5 are not semiproduct-matching. 


For the proof note that OM(Op > p) € (A X $5) — (A _|S5). 

Hence we obtain counterexamples to an analogue of Theorem 2.8: Horn 
axiomatizable logics UT, K5, K45 are not semiproduct-matching with S5. 

Nevertheless, we have 


Remark 3.2 (cf. [8]) Every complete Horn axiomatizable logic is quantifier- 
friendly. 

Theorem 3.3 Jf K+ Alt, CA CK+ Alt, +01 forn > 3,m> 2, then A 
and $5 are neither product- nor semiproduct-matching. 


Proof. (Sketch.) Take the product F', x Fy, where F;, is the irreflexive tree with 
the root 0 and the leaves 1,...,n and F» is the two-element cluster {1,2}; re- 
place R, by the least equivalence relation $2 such (x, y)S2(2’, y’) for « = 2’ = 0 
or « = x’ > 3, (1,1)$9(2,2), (1,1)S2(3,2), (1, 2)$2(2,1), (1,2)S2(3,1). The 


1 In [2] semiproducts are called ‘expanding relativized products’, A_|S5 is denoted by 
[A, S5]2*, AX S5 by (A x S5)?*. 
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resulting frame G,, is not a p-morphic image of a semiproduct of a (K + Alt,,)- 
frame and a cluster while G,, F [K+ Alt, +O? 1, $5]. Therefore its Fine-Jankov 
formula belongs to (A X 85) — [A, $5]. m 


A standard canonical model argument proves Kripke-completeness of all 
the logics QA for A= K + Alt,, K+ Alt, +O L. So we obtain 


Corollary 3.4 The logics K+ Alt,, K+Alt,+00L are not quantifier-friendly 
forn>3,m>2. 


4 Local tabularity 


Recall that a propositional logic L is locally tabular, if for any finite k there 
exist finitely many L-non-equivalent formulas in & proposition letters. 

It is well known that every extension of a locally tabular modal logic in the 
same language is locally tabular; every locally tabular logic has the FMP. 


Theorem 4.1 Every logic (K +O") _|S5 is locally tabular. 


This theorem is proved by using bisimulation games; the corresponding 
technique is described in [7]. 
A monomodal logic A is of finite depth if O"_L € A for some n. 


Corollary 4.2 If A is of finite depth, then the logics AX 85, A_|S5 have the 
FMP; so their finite axiomatizability implies decidability. 


In particular, AXS5 (A x $5) is decidable, provided A, $5 are semiproduct- 
(product-) matching and A is of finite depth. 


5 More examples of semiproduct-matching 


In contrast with Theorem 3.3, we can identify some other logics that are 
semiproduct-matching with S5. 


Lemma 5.1 Consider the axiom Ath := OOp + Op. Ath-frames are de- 
fined by the following first-order condition: 


Va,y,2z,u(aRy \aRz \yRu > zRu). 


We call these frames thick. 


Proposition 5.2 The logics K + Ath, K+ Ath+ O"L for n > 1 are 
semiproduct-matching with S5. 


Proof. (Sketch.) Every countable rooted K _|$5-frame H is a p-morphic im- 
age of a semiproduct G of a tree F and a cluster C; the proof is similar to 
the one for products, cf. [2]. Since Ath is a Horn formula, we can take the 
corresponding Horn closure G*; then G* is a semiproduct of F’* and C. If 
HF Ath, we obtain a p-morphism from Gt onto H. So every formula refutable 
on H is not in (K + Ath) X S5. 

Adding variable-free axioms 0)” 1 does not affect this argument. ™ 
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6 Product and semiproduct FMP 


In many cases (semi)products enjoy the (semi)product FMP. In particular, if 
L, is tabular and Lz has the FMP, then L, x Lz has the product FMP [3, Cor. 
5.9]. Probably, this may not be true, if L, is only locally tabular. Examples of 
semiproduct FMP can be found in [5], but they do not cover our next result: 


Theorem 6.1 For A=K+ Ath andA = K+O"1L+Ath, the (semi)product 
of A with 85 has the (semi)product FMP. 


Corollary 6.2 For logics A from Theorem 6.1 QA —1 has the FMP, i.e., is 
complete w.r.t. finite Kripke frames with finite domains. 


Let us give some comments about the proof of Theorem 6.1 for the case 
of semiproducts. Note that (K + Ath) X85 =), ((K + O0"1 + Ath) < $5), 
so it suffices to consider only L = A XS5 for A= K+O01"1 + Ath and show 
that every finite rooted L-frame F = (W, Ri, R2) is a p-morphic image of a 
finite semiproduct of a A-frame with a cluster. A row in F' is a connected 
component in (W, R1); a column is an equivalence class under Ro; a block is a 
non-empty intersection of a row and a column. F is straight if all its blocks 
are singletons. We can show that F' is a p-morphic image of a straight rooted 
L-frame isomorphic to a semiproduct of a A-frame and a cluster. 


Remark 6.3 We hope our main results can be transferred to extensions of GL. 
The logic GL _| $5 is the well-known provability logic of Artemov—Japaridze, 
which is semiproduct-matching with S5. A transitive analogue of Ath is R. 
Solovay’s axiom AS := O(Op > Og) vV O(O¢g > pA Up). We may conjecture 
that SOL := GL+ AS (Solovay’s logic of “provability w.r.t ZF” cf. [1], ch. 13) 
is also semiproduct-matching with $5 and that SOL XS5 has the semiproduct 
FMP. 
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Abstract 


Obligations for an agent may depend on its knowledge. In order to formalize 
knowledge-based obligations, we present the logic KCDL (Knowledge-based Condi- 
tional Deontic Logic) based on Hansson’s style of conditional obligations, incorporat- 
ing epistemic information. KCDL is based on a new dyadic operator, called epistemic 
conditional obligation. The complete axiomatization of the logic is given as well. 


1 Introduction 


Obligations of agents can be affected by their knowledge. For example, a doctor 
should not be blamed for not treating a man when she does not know to be ill, 
although the doctor bears an objective obligation to treat patients. This paper 
focuses on knowledge-based obligation [5] and describes it with a new dyadic 
obligation operator from a view of conditional obligations. The dyadic operator 
C(¢|v) is read as: it ought to be ¢ given the condition that w [8]. Hansson 
proposed a new dyadic obligation operator over preference-based models [3], 
where the semantics of C(¢|w) is: on the best w-states, ¢ is satisfied. 

In this paper, we intend to formalize those conditional obligations that the 
agent already knows, but the knowledge of the antecedents decides whether the 
conditional obligations are ‘triggered’. As the above example shows, the doctor 
knows that she is obliged to treat the man under the condition that he is ill, 
but she does not know whether the man is ill. We will follow Hansson’s method 
to define a new dyadic deontic operator ©)(¢|~), called epistemic conditional 
obligations based on epistemic betterness structures where epistemic relations 
are introduced. 


2 Language and Epistemic Betterness Structures 
2.1 The Language for KCDL 


Definition 2.1 (Language £xcpz) Let P be a set of propositional variables. 
The language CLeopz is given by the following BNF: 


o:=p|7d|(6A¢)| K4o| O(4l¢) 


K¢@ represents knowledge. ©) (|W) represents the epistemic conditional 
obligation, which can be read as: the agent knows that over all the cases 
considered possible, it ought to be ¢ given the condition that w. 


Su 113 


2.2 Semantics of KCDL 


For the semantics we need epistemic betterness structures. 


Definition 2.2 (Epistemic Betterness Structures) M = (S,~,<,V) is an epis- 
temic betterness structure where S is the set of states, ~: S x S' is an epistemic 
relation (equivalence relation), <: S x S is a partial order, called betterness 
relation and V : P— P(S) is the valuation over S. Let [s]~ be the set of states 
accessible from s by the epistemic relation ~. Let ||@||az be the set of all the 
states satisfying ¢in M. s>tift<sands £t. 


Accordingly, maximality and truth conditions can be defined as follows: 
Definition 2.3 Given an arbitrary epistemic betterness structure M = (S,~ 
SV): r © maxg|ldllan Sr € |[dllaz and Vt € ||dllu(r < t > t < 1), 
r € maxg)jsj~ ||Pllar & 7 € ||O|lae N[s]~ and Vt € |[d]lar N[s]~(r7 <t >t <r). 
The truth condition of ©(¢|y) can be defined over M as: M,s E C(dlv) & 
max<|js|~ ||Pllar S ||¢llac- 


Intuitively, no other element is strictly better than any maximal element of 
a partially ordered set S. The truth condition of ©(¢|y) means over all the 
states that are indistinguishable from s, the best w-states also satisfy @. 

To make the semantics work, we need to assume that < should be ~-smooth, 
which is inspired by the notion of smoothness in Parent’s work [6]. 


Definition 2.4 (~-Smoothness) An epistemic betterness structure M is 
~-smooth if for every state s in M, for every t € [s]~, if M,t E ¢, either 
t€ maxgis|~ |lOlla¢ or du € [s]~ : v > t and v € maxg)g)~ ||Ollaz- 


2.3. Epistemic Factual Detachment 


In the tradition of Hansson’s framework, factual detachment can be formalized 
as O(¢|) A Ow > CO(¢|T) (see [7]), which describes the detachment of the 
antecedent in the conditional obligation due to its necessity. 

In our framework, we can formalize an epistemic version of factual detach- 
ment based on epistemic conditional obligations as: (©)(¢|w)AKw) > © (A/T) 
(EFD). (EFD) is valid over epistemic betterness structures. It is in line with 
our intuitions: knowing the antecedent triggers the conditional obligation, mak- 
ing the consequence unconditionally obligatory. 


3 Logic of Knowledge-based Conditional Obligation 
3.1 Axiom System for KCDL 


TAUT (PL) 
S5-schema for K (S5) 
OW > 19) + (OWIlé) > Ol¢)) (OK) 
OWl¢) + K OWI¢) (QAbs) 
Ko > O(¢ly) (QNec) 
K(¢ 6b) > (OMI) & Oly) (©OExt) 
O(4l?) (Old) 


Ole ¥) = O} > 114) (©Sh) 
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aK=>¢ > (O(WI¢) = 7O(¥I¢)) (© D*) 
(OWld) O14) = OOlGAY) (QCM) 
If- @and+ ¢ >, then + w (MP) 

Ift ¢, then K¢ (KN) 


KCDL is the same as the system F+(C'M) in Parent’s paper [6] following 
Aqvist’s approach [1]. But F+(C™M) is investigated over reflexive and smooth 
betterness structures (or reflexive, total! , transitive and smooth structures). 


Theorem 3.1 (Soundness) KCDL is sound with respect to the class of epis- 
temic betterness structures where < is reflexive, transitive and ~-smooth. 


We omit proofs since they are almost the same as Parent’s proof. 


Lemma 3.2 The following formulas are derivable in KCDL: 


(i) O11) A O(Hal) A+- OWnld) = OM1 A Y2-++A Unig) (rn 2 2) 
(ii) IfF ~> 7, thenF OWI6) > O(¢)- 
(iii) OV ¥) ACWW V 7) = CO > ¥VI¢) 
(iv) “K-46 > “O(LI4) 
(v) OOl@VYAOWIA) = OF > HI”) 
(vi) (O(¢leV ¥) AOWIY V 1) + Ol4le V 7) 
(i) - (v) are proved in [6]. The derivability of (vi) refers to [4]. 
3.2 Strong Completeness of KCDL 


The basic strategy of proving completeness is also attributed to Parent’s work. 
We give a new definition on < in the canonical models which keeps < transitive. 
Let I be a consistent set of £xcpz-formulas. We need to establish a canonical 
model which satisfies [. Let [9 be some maximal consistent extension of I. 
Ty) denotes {¢ | ©(¢|v) € To} and K~!A denotes {@ | Kd € A}. We 
will distinguish two cases: (1) Principal case: there is a formula w such that 
I'y CT; (2) Limiting case: there is no formula w such that Ty CT. 


3.2.1 Principal Case 


Definition 3.3 (The Canonical Model Generated by Io, Principal Case) A 
canonical model generated by Ip is a tuple M'° = (W,~,<,V) where 


(i) W = {(A,%) | A is a MCS and Te Cc A}?; 

(ii) (A, od) ~ (2, x) iff KA CY; 
(iii) (A, d) < (2, x) iff (O(xlx Vd) € To and y ¢ X) or (A= and y = x). 
(iv) V(p) = {(A, vw) | p © A} for any pe P. 


Lemma 3.4 (1) ~ is an equivalence relation and total; (2) Let A be a MCS. 
If O(¢lav wv) ZA, then A®%Y” U {74} is consistent; (3) Let A and A, be two 
MCSs. If C(¢lw) ¢ Ar and K~!A C Ay, then AY U {74} is consistent. 


1 An order < is total over a set S iff for any t1, te € S, ti < te or te < th. 
2 MCS represents the maximal Lx cpp-consistent set. 
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Now we can prove the Truth Lemma based on M?°. 


Lemma 3.5 (Truth Lemma) Let M'® = (W,~,<,V) be a canonical model 
generated by Tg. For all (A,w) € W and all 6, M™,(A,v) K ¢ iff GE A. 


Proof. We prove it by induction on the structure of ¢. When ¢ is a Boolean 
formula, the proof is standard. When ¢ = K8, it is almost the same as [6]. 
When ¢ = ©(al8): 

* (=) Suppose that ©(a|G) ¢ A. By Lemma 3.4(3), re U {7a} is consistent. 
So P8 U{=a} can be extended into a MCS Aj. Since re C Ay, (Ai, 8) € W. 
Let (Ao, y) be an arbitrary state in W such that 8 € As. By Definition 3.3, 
(As,7) % (Ai, 8). By Lemma 3.4(1), (Ai,8) ~ (A,w). Thus, (Aj, 8) € 
max<|i(A,v)|~ ||Sllazro. By the inductive hypothesis, M*°, (Ay, 8) Kaa. So 
M*, (A,b) K O(alé). 

¢ (<=) Suppose that ©(al|B) €¢ A. Let (A1,@) € max) yyj~ |[5llacro. We 
want to show that ©(0|6 V 0) € To. Assume, to reach a contradiction, that 
OC(O|BV 6) To. By Lemma 3.4(2), re U {0} is consistent. So it can be 
extended into a MCS Ag such that PSY? U {6} C As. So (Ao, BV 0) € W. 
By the axiom (@Id), 8V 6 € Ag. So B € Ag. By (Old) again, we have 
C(EV BV OV 6) ETo. Since 6 Z As, (Ai, 0) < (Ao, BV 0). And we know 
C(A|6 VOV 0) g To. So (Ao, 6 V 0) 4 (Ai, 6). Thus, (Ai, 8) << (Ao, 6 V 
0). By Lemma 3.4(1), (A1,0) ~ (Az, 6 V 0). By the inductive hypothesis, 
M?», (A2,68V 0) —- £, which contradicts (Ai,0) € MaxX<}[(Ah)]~ Bllarro- 
Thus, ©(6|8 V 0) € To. Let y be an arbitrary formula such that y € 1%. 
So ©(7|8) € To. We also have ©(0|6 V 6) € To. Thus, by Lemma 3.2(v), 
©(8 — 70) € To. Thus, 8 > y E18. SoB+ye Ai. Thus, 7 € Ai. So 
a € A; as well. Therefore, MT°, (A, wv) E ©(al8). 


Lemma 3.6 (Verification Lemma) M"° is reflexive, transitive and ~-smooth. 


Proof. (Reflexivity and Transitivity) Reflexivity is easily verified by Definition 
3.3. Transitivity can be obtained by Lemma 3.2(iii) and Lemma 3.2(vi). 
(~-smoothness) Let (A, 0) € MT° such that MT, (A, 6) — 6: 

¢ When ©(6|6 V 8) € To: Assume that (A, 0) ¢ maxg((a.gyj~ ||Fllacro- This 
means that there exists (©,\) € M?° such that (©,A) > (A,@) and © € 
llr. By Definition 3.3(iii), Q(A|A V @) € To and 6 ¢g &. By Lemma 
3.2(v), OAAVAAOC (OAV B) + C(8 > OA) € To. So @(B = GA) € To. 
So 8 > 6 € &, which implies that 6 € %. Contradiction. 

¢ When ©(6|0V 8) ¢ To, we will show that there is (©, 8V0) € M'° such that 
(5, BV8) > (A, B) and (5, BV) € maxci(a,o)~ [lBllarro- Since (G|@VB) ¢ 
To, by Lemma 3.4(2), eal U {0} is consistent. So it can be extended into 
a MCS © such that PY? U {=6} CS. By Definition 3.3, (5,8 V0) € MP. 
Since = € }, we have 6 € &. Since for any (A, A) > (4, 8V0), =(B VA) € A. 
So =6 € A. Thus, (©, 8 V @) € maxgjj(a,o))~ ||Sllacro. By the axiom (©ld), 
we have (1,8 V 0) > (A, 8). 
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3.2.2 Limiting Case 


Definition 3.7 (The Canonical Model Generated by (T,w), Limiting Case) 
Take an arbitrary formula w, the canonical model generated by (I'9,w) is a 
tuple Mo) = (W’,~',<’',V’) where ~’ and V’ are defined as in Definition 
3.3(ii) and (iii), W’ and <’ are defined as follows: 


(i) W’=WU{(Lo,w)}, where W = {(A,#) | A is a MCS and T*’ C A}; 


(ii) <' = < U{((To,), (Po, w))} U {(Lo,), (A, %)) | (A,v) © WH}, where < 
is defined as in Definition 3.3(iii). 


The truth lemma and verification lemma for Limiting case can be proved 
easily based on Lemma 3.5. 


Theorem 3.8 KCDL is strongly complete with respect to the class of epistemic 
betterness structures that are reflexive, transitive and ~-smooth. 


We observe that it is straightforward to redeploy the above completeness 
argument to prove the strong completeness of F+(CM) with respect to the 
class of betterness structures that is reflexive, transitive, smooth and where ~ 
is universal. Such completeness result was left as an open question in [6] and 
is also the focus of a forthcoming publication by Parent [2]. 


4 Conclusions 


We define a new dyadic deontic operator to describe the knowledge-based con- 
ditional obligations and provide a sound and strongly complete logic for it with 
respect to the reflexive, transitive and ~-smooth epistemic betterness struc- 
tures. 
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Abstract 


The realization theorem connects modal logic with its explicit counterpart, justifica- 
tion logic, or logic of proofs, by relating occurrences of the modal operator in a modal 
theorem with suitable proof terms, and turning a modal theorem into a theorem in 
justification logic or logic of proofs. In this paper, we propose another proof of the 
realization theorem, focusing on the relation between S4 and LP. We will define a 
concept called positive expansion on modal formulas, and prove that through the 
expansion, every S4 theorem can be turned into a theorem whose realization is a 
theorem in LP~, a subsystem of LP without +. Both semantic and syntactic proofs 
are given for this result, where the semantic proof also provides a structural analysis 
of the semantics of LP~. Then an algorithmic procedure is provided which in a way 
reverses the procedure of expansion to convert a +-free realization of the expansion 
to a realization of the original $4 theorem in the system of LP. 


Keywords: Modal logic, Justification Logic, Realization, Logic of Proofs. 


1 Introduction 


The realization theorem is a main result in the study of justification logic [2,1,8]. 
It provides a formal connection between assorted justification logical systems 
with their modal epistemic logical counterparts in a formal structural way. 
Granted the importance of the realization theorem, various proofs have been 
proposed. There is a constructive proof given in [2] concerning the first axiom 
system of justification logic, LP, treated as a logic of proofs, and its modal 
epistemic counterpart S4. The proof uses cut-free Gentzen style S4 proofs as 
a guide to establish the formal connection. The first semantic proof of the 
theorem is given in [6], which is also where the possible-world-like semantics 
for justification logic is introduced. The method used in the semantic proof 
is later extended by the author to suggest a two-stage proof procedure for an 
infinite class of justification logics [5]. More proofs of the theorem can be found 
in [4,3,7,9]. 

In this paper, we propose another proof of the realization theorem concern- 
ing the relation between $4 and LP. The importance and novelty of the proof 
rest on its revelation of the function of + in the procedure of realization. We 
will define a concept called positive expansion on modal formulas and prove 
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that through the expansion, every S4 theorem can be turned into a theorem 
whose realization is a theorem in LP, the subsystem of LP without +. Then 
an algorithmic procedure is provided which in a way reverses the procedure of 
expansion to convert a +-free realization of the expansion to a realization of 
the initial S4 theorem in the system of LP. More clear statements of the result 
have to wait until some formal definitions are given. But roughly, the process 
of the expansion is to substitute formulas of the form OX VOX for OX, which 
is the modal counterpart of the process of substituting the disjunction s:6V t:¢ 
for (s+ ¢):¢. Thus the process of the expansion can be viewed as the process of 
removing + without + being explicitly stated, and this is justified by our proof 
that every $4 theorem can indeed be expanded to a modal theorem whose real- 
ization is +-free. Then adding + back to the realization of the expanded modal 
theorem, we can obtain a realization of the original analyzed modal theorem in 
the system of LP. For the proof of the realization of a positive expansion of an 
S4 theorem into an LP” theorem, we provide both the semantic and syntactic 
proofs, where the semantic proof renders a structural analysis of the semantics 
of LP’, and the syntactic proof gives us another view of how + functions in 
the procedure of realization. 


2 Positive Expansion and the Realization Theorem 


Some basic knowledge of justification logic and modal logic is assumed. The 
languages of $4, LP”, and LP are denoted as £Lsq4, £,p- and Lip, respectively. 
Comparing the languages, we can see that a formula in Lip, or £,p- is ina 
way the result of filling in the occurrences of 0 of an £o formula with proof 
terms. We give a formal definition based on the observation. 


Definition 2.1 Call a formula of the form OG m-formula. Given a formula F' 
in Lo, O(F) denotes the set of occurrences of m-formula in F’, and O* (F) and 
O~(F) the sets of positive occurrences and negative occurrences of m-formula 
in F respectively. So O(F) = Ot(F)UO7(F).1 


Definition 2.2 Given a formula F € Lu, a proof term assignment, pt- 
assignment, on F assigns a proof term to an occurrence in O(F). 


Definition 2.3 Let F € Lo, and R(F) be the set of pt-assignments of F’. Also 
let « € {+,—}. 
(i) r € R*(F) C R(F) if and only if r(O*(F)) C V, where V is the set of 

propositional variables; 

(ii) r € Re, (F) C R2(F) if and only if the restriction of r to O* (F), r|O*(F), 
is injective. where r|O*(F’) is the restriction of r to O* (F). 

A pt-assignment r is positive normalized ifr € R{(F), and negative normalized 

if r € Rj, (F); then we call a pt-assignment r strictly positive normalized if 

ré€Rz,(F), and strictly negative normalized if r € Rg, (F). 


1 Basically formula occurences and the sets of O(F), O+(F) and O~(F) can be formally 
defined. An example of the definition can be found in [9]. 
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Definition 2.4 Given formulas F,G € Lo, by F <1; G, we mean G = 
F[OX/ OXVOX], that is, G is the result of substituting OXVOX for an oc- 
currence of OX in F. We write F <f G and F <j] G to indicate that the 
occurrence of OX in F is positive and negative respectively. Furthermore, =, 
<*+, and <~ are the transitive and reflexive closure of <;, </, and <7, respec- 
tively, and we call F <* G that G is a positive expansion of F, and F <~ G 
negative expansion. 


Definition 2.5 Given FX<,;*G (FX<,~G respectively) with G = 
Fi[OX/ OXVOX] for some positive (negative) occurrence OX in F, and 
a function p: O-(F) +4 T (p: OT(F) +> 7), we say a pt-assignment r on G is 
rooted in p if and only if there is a pt-assignment r’ on F' such that r’|O7(F) 
(r’'|O+(F) ) is p, and G" = Fr [(OX)™/(OX)" v (GX)’3], where all the 
restrictions of 71, r2, and r3 to their respective O- (OX) (O*(OX)) are equal 
to p|O~ (GX) (p|Ot(GX) respectively). 

Here’s an example. Let P and Q be propositional variables. If F' is OP > 
30Q and G is OP > (050Q v 0-0), then F <+ G with OX = 0-09; 
and if F™ is x:P > t,:7y:Q, and G" is #:P > (t2:7y:Q V ts:7y:Q), then r’ is a 
strictly negative normalized pt-assignment on F’ provided x and y are distinct 
variables, and the pt-assignment r on G is rooted in r’|O~ (F’). Notice that y 
is duplicated in G’, and t;, tg and ts are not necessary to be equal. 


Definition 2.6 Given formulas F,G € Lo and G being a positive (nega- 
tive) expansion of F’, a pt-assignment r on G is rooted in p: O-(F) 4 T 
(p: OT(F) ++ T) if there is a sequence of formulas F=Fo,...,F,=G and a 
sequence of pt-assignments r9 € R(Fo),---,Tn € R(F,) such that ro/O7 (F) 
(re|OT (F)) is Pp, Fy 4 ek F; (Fy <1 F;), and 7 is rooted in rj—-1]O7 (Fy_1) 
(r;-1|O* (Fi_-1)), for 1 < 1 < n. 


Assume that the constant specifications are axiomatically appropriate and 
term-schematic. Given our notations, the realization theorem is as follows: 


Theorem 2.7 F is an S4 theorem if and only if there is a pt-assignment r on 
F such that F” is an LP theorem. 


There are two directions in the theorem. The one from right to left is 
the easy one. We focus on the other, in which a stronger result that r is 
strictly positive normalized can be obtained. In this case, F'” is called a normal 
realization in the literature. Our proof is through the following two theorems: 


Theorem 2.8 If F is an S4 theorem, then there is a positive expansion G of 
F, and a pt-assignment r on G rooted in an injective p: O~ (F) > V such that 
G" is LP” provable. 


Theorem 2.9 Given a positive expansion G of F, and a pt-assignment r on 
G rooted in an injective p: O-(F) + Y, there is a substitution o and a strictly 
positive pt-assignment r’ on F such that G’? > F” is LP provable. 


Call a formula F' € £o with a pt-assignment r such that F” is LP~ provable 
a strong theorem. Then Theorem 2.8 tells us that F' is an $4 theorem if and 
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only if there is a formula G with F <t G, such that G is a strong theorem; 
and furthermore, among all the pt-assignments r on G such that G" is LP~ 
provable, we can pick out an 7’ which is rooted in an injective p: O-(F)WH V 
such that G” is an LP~ theorem. Then according to Theorem 2.9, there is a 
substitution o, and a strictly negative normalized pt-assignment r” of F’ such 
that G"? > FT” is LP provable. Since we are working on an LP(CS) axiom 
system with CS term schematic, G™’ is LP provable, and so is F °” This gives 
us the realization theorem. 


3 Constructive Method 


Now we analyze the first proof of the realization theorem given in [2] to provide 
constructive proof of Theorem 2.8. We call a Gentzen style $4 proof strong if 
every family in the proof contains at most one essential occurrence. Note that 
following the original realization procedure in [2], the conclusion of a strong 
proof is realized to a plus-free normal realization. Suppose that a Gentzen style 
proof is not strong. We can pick out an essential family of the proof in which 
an occurrence of OF in the conclusion of a rule is related to two occurrences of 
F in the premise(s) with each of them belonging to an essential family of the 
subproof tree(s) of the premise(s). There could be one or two subproof trees, 
depending on that it is a contraction rule or a two-premise rule. We call the 
essential family on the left, family 0, and on the right, family 1. Then turn the 
whole proof into a new one by substituting OF’ V OF for all the occurrences of 
F in the essential family that we just pick out. In this procedure, certainly 
Y <} Z, if Z is the resulting formula of the substitution from the formula Y. 
It can then be easily checked that every application of the rules is still an 
application of the same rule, except the applications of the right modal rule in 
which OF is introduced. Then we have such an instance in the proof tree: 


T=F 
T FVOF ? 
which is then replaced by the following: 
T=F 
C F - RV,” 
T FVOF r 


where i=0 or 1 depending on that OF is in family 0 or 1. Continue the process, 
we will eventually have a strong proof, and the conclusion is a strong theorem 
expanded from the original $4 theorem. Finally, since the proof now is strong, 
applying the original algorithm given in [2], we have a realization for the strong 
theorem. 


4 Comparison 


In [5], Fitting, extending from his previous work, proposed a universal method 
to deal with the realization problem for an infinite class of logics, including 
all the justification logic counterparts of Geach logics. Both Fitting’s method 
and the realization procedure adopted here take two stages, with the first at 
which an LP” theorem related in some way to an analyzed modal theorem ¢ 
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is produced: in [5], it’s the quasi-realization of ¢, and here, the realization of a 
positive expansion of ¢, and with the second at which an algorithm is provided 
to turn the quasi-realization or the realization of the positive expansion to a 
realization of ¢ in LP. In our procedure, the LP” theorem produced at the 
first stage is a realization of a modal theorem whose structure compared with 
the originally analyzed modal theorem ¢ is given beforehand: it is a positive 
expansion of ¢; on the other hand, in Fitting’s method, no such knowledge 
is provided; the existence of a quasi-realization of @ is justified by directly 
examining all possible combinations of the realizations of subformulas of the 
analyzed modal theorem. Technically, such knowledge of the comparative struc- 
ture between the underlying modal theorems of the realizations simplifies the 
algorithm given at the second stage. Compared with the complication of the 
algorithm of turning a quasi-realization into a realization, the one given at the 
second stage in our procedure which is guided by the process of the expansion 
is relatively simple. Furthermore, only in such an algorithm in which + is used 
in a way against the structures of the modal theorems, the function of + is fully 
revealed. In a nutshell, + is added to the realization of the positive expansion 
of an analyzed modal theorem to group together realizations of formulas which 
are duplicated in the process of the expansion. Such a function of + can be 
clearly viewed by comparing the original proof of the realization theorem in [2] 
and the constructive proof given here, and this investigation of the function of 
+ can be generalized to concern the realization of the other justification logic 
by the semantic method given in this paper. 
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